Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a
https://packetstormsecurity.com/files/154232/Tableau-XML-Injection.html
https://github.com/minecrater/exploits/blob/master/TableauXXE.py