Mallory
Critical | CISA KEV | Exploited in the wild | Public exploit

DoubleQlik / HTTP Tunneling RCE in Qlik Sense Enterprise for Windows

Identifiers: CVE-2023-48365, CWE-20

CVE-2023-48365 (Qlik bug ID QB-21683, "DoubleQlik") is a critical unauthenticated remote code execution vulnerability in Qlik Sense Enterprise for Windows. It affects releases before August 2023 Patch 2 and the corresponding patch levels of the other supported release branches listed under Remediation. The root cause is improper validation of HTTP headers (CWE-20): a remote attacker can tunnel crafted HTTP requests through the front-end proxy to the backend server that hosts the Qlik Repository Service, so the requests arrive at the backend with the trust of an internal component rather than of an anonymous internet client. From there the attacker can reach backend functionality that leads to arbitrary code execution on the host. The vulnerability is explicitly documented as an incomplete fix for CVE-2023-41265, which means servers patched only for that earlier CVE remain exploitable.

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation gives an unauthenticated remote attacker code execution on the Qlik Sense Enterprise for Windows server. By tunneling requests to the backend repository application, the attacker crosses the trust boundary between the front-end proxy and the backend, issues requests as a more trusted component, and ultimately runs arbitrary code with the permissions of the backend service. The result can be full compromise of the Qlik Sense server: access to application data and configuration, lateral movement from the host, deployment of additional tooling, and ransomware intrusion activity. Exploitation has been observed in the wild, including in Cactus ransomware operations.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, reduce exposure by removing or restricting internet access to Qlik Sense servers, especially public-facing instances. Apply strict network segmentation around Qlik Sense and its backend services so that only the front-end proxy is reachable from user networks and the repository service is reachable only from the Qlik nodes themselves; limit administrative access to trusted networks; and put a reverse proxy or WAF in front of the Qlik Sense proxy that drops requests carrying unexpected or malformed HTTP headers, since header validation is the component that failed here. Monitor for suspicious requests to Qlik Sense, for Scheduler.exe spawning command interpreters or other unusual child processes, for unexpected request patterns against the backend, and for indicators associated with known exploitation activity. These are compensating controls only and do not replace vendor patching.
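The process-lineage check mentioned above, written out as an added example (not code from this page or from Qlik). It runs over Sysmon-style process-creation records exported as JSON lines and flags cases where the Qlik Sense Scheduler service spawned a command interpreter or download utility. The parent binary name Scheduler.exe comes from the text above; the install path in the sample records is an assumption about a default installation, the list of suspicious children is the analyst's choice rather than anything from the vendor advisory, and the sample events are constructed, not real telemetry.

```python
import json
import ntpath

# Qlik Sense service binary named on this page as the parent to watch.
# Matching is on the file name only, so the install path does not matter.
WATCHED_PARENTS = {"scheduler.exe"}

# Interpreters and download/launch utilities an attacker would typically
# spawn after gaining code execution. Analyst's choice, not from the vendor
# advisory; extend it to taste.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "certutil.exe", "bitsadmin.exe", "curl.exe",
}


def load_jsonl(text):
    """Parse one JSON object per line (the export format assumed here)."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def suspicious_qlik_children(events):
    """Return the Sysmon event ID 1 (process creation) records in which a
    watched Qlik service spawned a suspicious child, as summary dicts."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        parent = ntpath.basename(ev.get("ParentImage", "")).lower()
        child = ntpath.basename(ev.get("Image", "")).lower()
        if parent in WATCHED_PARENTS and child in SUSPICIOUS_CHILDREN:
            hits.append({
                "time": ev.get("UtcTime"),
                "parent": ev.get("ParentImage"),
                "child": ev.get("Image"),
                "cmdline": ev.get("CommandLine", ""),
            })
    return hits


# Constructed sample records (not real telemetry). Paths assume a default
# install under C:\Program Files\Qlik\Sense. Backslashes are JSON-escaped.
SAMPLE_EVENTS = r"""
{"EventID": 1, "UtcTime": "2023-11-20 03:14:05", "Image": "C:\\Program Files\\Qlik\\Sense\\Scheduler\\Scheduler.exe", "ParentImage": "C:\\Windows\\System32\\services.exe", "CommandLine": "Scheduler.exe"}
{"EventID": 1, "UtcTime": "2023-11-20 03:14:09", "Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "cmd.exe"}
{"EventID": 3, "UtcTime": "2023-11-20 03:15:00", "Image": "C:\\Program Files\\Qlik\\Sense\\Scheduler\\Scheduler.exe", "DestinationIp": "10.0.0.5"}
{"EventID": 1, "UtcTime": "2023-11-20 03:15:12", "Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Program Files\\Qlik\\Sense\\Scheduler\\Scheduler.exe", "CommandLine": "cmd.exe /c whoami"}
{"EventID": 1, "UtcTime": "2023-11-20 03:15:40", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Program Files\\Qlik\\Sense\\Scheduler\\Scheduler.exe", "CommandLine": "powershell.exe -NoProfile -Command whoami"}
"""


if __name__ == "__main__":
    for hit in suspicious_qlik_children(load_jsonl(SAMPLE_EVENTS)):
        print(f"{hit['time']}  {hit['parent']} -> {hit['child']}: {hit['cmdline']}")
```

Of the five constructed records only the last two fire: the Scheduler service starting under services.exe and a cmd.exe under explorer.exe are normal, and the event ID 3 record is a network connection rather than a process creation. Match on the parent file name rather than the full path so a non-default install location does not silently blind the rule, and feed the same logic the other Qlik service binaries if your environment shows them spawning interpreters too.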

Remediation

Patch, then assume compromise.

Upgrade Qlik Sense Enterprise for Windows to a fixed release. The fixed versions are: August 2023 Patch 2, May 2023 Patch 6, February 2023 Patch 10, November 2022 Patch 12, August 2022 Patch 14, May 2022 Patch 16, February 2022 Patch 15, and November 2021 Patch 17. Because the fix for CVE-2023-41265 was incomplete, a patch level that addressed only that earlier CVE is not sufficient; the installed patch must be at or above the level listed for its branch. Systems on unsupported or end-of-support releases should be upgraded to a supported fixed version. After patching, confirm the installed patch level on each node, then rescan to verify the issue is remediated. Since exploitation has been observed in the wild, treat any instance that was internet-reachable while vulnerable as potentially compromised: review process-creation telemetry for the Qlik Sense services and the proxy and repository logs covering the exposure window before relying on the patch alone.

PUBLIC EXPLOITS
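Because the fixed patch level is different for every release branch and is not monotonic across branches (February 2022 needs Patch 15 while May 2022 needs Patch 16), a version check has to be keyed on the branch rather than on a single number. The following is an added example of such a check, not Qlik's code: it assumes release labels in the form Qlik uses for its release names ("May 2023 Patch 4"), treats branches newer than August 2023 as carrying the fix (an assumption not stated on this page, so it is reported separately), and the inventory in the usage section is constructed.

```python
import re

# Fixed patch level per release branch, exactly as listed in the advisory
# quoted on this page. A patch level at or above the number is fixed.
FIXED_PATCH = {
    ("August", 2023): 2,
    ("May", 2023): 6,
    ("February", 2023): 10,
    ("November", 2022): 12,
    ("August", 2022): 14,
    ("May", 2022): 16,
    ("February", 2022): 15,
    ("November", 2021): 17,
}

# Calendar order of the Qlik Sense release months, used only to tell
# branches newer than the advisory from branches older than it.
MONTH_ORDER = {"February": 2, "May": 5, "August": 8, "November": 11}

_RELEASE_RE = re.compile(
    r"^\s*(February|May|August|November)\s+(\d{4})(?:\s+Patch\s+(\d+))?\s*$",
    re.IGNORECASE,
)


def parse_release(label):
    """Split 'May 2023 Patch 4' into ('May', 2023, 4). A label with no
    'Patch N' suffix is the initial release of its branch (patch 0)."""
    m = _RELEASE_RE.match(label)
    if not m:
        raise ValueError(f"unrecognised Qlik Sense release label: {label!r}")
    month = m.group(1).capitalize()
    year = int(m.group(2))
    patch = int(m.group(3)) if m.group(3) else 0
    return month, year, patch


def assess(label):
    """Classify an installed release relative to CVE-2023-48365.

    Returns one of:
      'fixed'               branch is in the advisory and patch >= fixed level
      'vulnerable'          branch is in the advisory and patch < fixed level
      'unsupported'         branch predates November 2021: no fix was issued,
                            upgrade to a supported fixed release
      'newer_than_advisory' branch postdates August 2023; assumed (not
                            stated on this page) to ship with the fix, so
                            confirm against the current vendor advisory
    """
    month, year, patch = parse_release(label)
    branch = (month, year)
    if branch in FIXED_PATCH:
        return "fixed" if patch >= FIXED_PATCH[branch] else "vulnerable"
    if (year, MONTH_ORDER[month]) > (2023, MONTH_ORDER["August"]):
        return "newer_than_advisory"
    return "unsupported"


def triage(inventory):
    """Map each host in a {host: release_label} dict to its status and
    return the hosts that still need action, sorted for the ticket."""
    statuses = {host: assess(label) for host, label in inventory.items()}
    todo = sorted(h for h, s in statuses.items() if s != "fixed")
    return statuses, todo


if __name__ == "__main__":
    # Constructed inventory (not real hosts).
    sample = {
        "qlik-prod-01": "August 2023 Patch 1",
        "qlik-prod-02": "May 2023 Patch 6",
        "qlik-dev-01": "February 2022 Patch 14",
        "qlik-legacy": "August 2021 Patch 20",
    }
    statuses, todo = triage(sample)
    for host in sorted(statuses):
        print(f"{host:14} {sample[host]:24} {statuses[host]}")
    print("needs action:", ", ".join(todo))
```

In the constructed inventory only qlik-prod-02 comes back as fixed: qlik-prod-01 sits on August 2023 Patch 1, which is one patch short and is exactly the situation the "incomplete fix" wording warns about, and qlik-legacy is on a branch older than anything in the advisory, so the only remedy is an upgrade to a supported branch rather than a patch.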

Exploits

No public exploit code observed for this vulnerability (0 valid of 0 tracked); Mallory keeps watching.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors correlated with this vulnerability (vendor-confirmed product mapping; the affected patch levels per release branch are listed under Remediation above).

Vendor  Product     Type
Qlik    Qlik Sense  application
