CVE-2026-26010 (GCVE-0-2026-26010)
Vulnerability from cvelistv5 – Published: 2026-02-11 21:05 – Updated: 2026-02-11 21:05
VLAI?
Title
Leaky JWTs in OpenMetadata exposing highly-privileged bot users
Summary
OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a highly privileged account, typically which has the Ingestion Bot Role. This enables destructive changes in OpenMetadata instances, and potential data leakage (e.g. sample data, or service metadata which would be unavailable per roles/policies). This vulnerability is fixed in 1.11.8.
Severity ?
7.6 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| open-metadata | OpenMetadata |
Affected:
< 1.11.8
|
{
"containers": {
"cna": {
"affected": [
{
"product": "OpenMetadata",
"vendor": "open-metadata",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a highly privileged account, typically which has the Ingestion Bot Role. This enables destructive changes in OpenMetadata instances, and potential data leakage (e.g. sample data, or service metadata which would be unavailable per roles/policies). This vulnerability is fixed in 1.11.8."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T21:05:38.735Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-pqqf-7hxm-rj5r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-pqqf-7hxm-rj5r"
},
{
"name": "https://github.com/open-metadata/OpenMetadata/releases/tag/1.11.8-release",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/open-metadata/OpenMetadata/releases/tag/1.11.8-release"
}
],
"source": {
"advisory": "GHSA-pqqf-7hxm-rj5r",
"discovery": "UNKNOWN"
},
"title": "Leaky JWTs in OpenMetadata exposing highly-privileged bot users"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26010",
"datePublished": "2026-02-11T21:05:38.735Z",
"dateReserved": "2026-02-09T21:36:29.553Z",
"dateUpdated": "2026-02-11T21:05:38.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-26010\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-11T21:16:21.117\",\"lastModified\":\"2026-02-11T21:16:21.117\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a highly privileged account, typically which has the Ingestion Bot Role. This enables destructive changes in OpenMetadata instances, and potential data leakage (e.g. sample data, or service metadata which would be unavailable per roles/policies). This vulnerability is fixed in 1.11.8.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L\",\"baseScore\":7.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":4.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"references\":[{\"url\":\"https://github.com/open-metadata/OpenMetadata/releases/tag/1.11.8-release\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-pqqf-7hxm-rj5r\",\"source\":\"security-advisories@github.com\"}]}}"
}
}
FKIE_CVE-2026-26010
Vulnerability from fkie_nvd - Published: 2026-02-11 21:16 - Updated: 2026-02-11 21:16
Severity ?
Summary
OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a highly privileged account, typically which has the Ingestion Bot Role. This enables destructive changes in OpenMetadata instances, and potential data leakage (e.g. sample data, or service metadata which would be unavailable per roles/policies). This vulnerability is fixed in 1.11.8.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a highly privileged account, typically which has the Ingestion Bot Role. This enables destructive changes in OpenMetadata instances, and potential data leakage (e.g. sample data, or service metadata which would be unavailable per roles/policies). This vulnerability is fixed in 1.11.8."
}
],
"id": "CVE-2026-26010",
"lastModified": "2026-02-11T21:16:21.117",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-02-11T21:16:21.117",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/open-metadata/OpenMetadata/releases/tag/1.11.8-release"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-pqqf-7hxm-rj5r"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Received",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
GHSA-PQQF-7HXM-RJ5R
Vulnerability from github – Published: 2026-02-11 14:23 – Updated: 2026-02-11 23:14
VLAI?
Summary
Leaky JWTs in OpenMetadata exposing highly-privileged bot users
Details
Summary
Calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres)
Details
Any read-only user can gain access to a highly privileged account, typically which has the Ingestion Bot Role. This enables destructive changes in OpenMetadata instances, and potential data leakage (e.g. sample data, or service metadata which would be unavailable per roles/policies).
PoC
I was able to extract the JWT used by the bot/agent populating sample_athena.default in the Collate Sandbox. To prove this out, I mutated the description to this UUID: fe2e4cc1-da72-4acf-8535-112a3cfa9c7e, which you can see @ https://sandbox.open-metadata.org/database/sample_athena.default.
Steps to Reproduce
- Create a Collate Sandbox account; these are non-admin accounts by default with minimal permissions.
- Open the Developer Console
- Go to the Services Page. In this case, sample_athena, though other services
-
In the Network tab, introspect the request made to api/v1/services/ingestionPipelines, and find the jwtToken in the response:
-
Use the JWT to issue (potentially destructive) API calls
-
Resulting mutated description:
Note that this is also the case for these services, among others: * acme_nexus_redshift * sample_postgres
Proposed Remediation
Redact jwtToken in API payload. Implement role-based filtering - Only return JWT tokens to users with explicit admin/service account permissions (for Admins) Rotate Ingestion Bot Tokens in affected environments
Impact
What kind of vulnerability is it? Who is impacted?
- Vulnerability Type: Privilege Escalation
- Risk: User impersonation, even for those with read-only access, can lead to destructive outcomes if malicious actors leverage the leaked JWT.
Severity ?
7.6 (High)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.open-metadata:openmetadata-sdk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.11.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-26010"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-11T14:23:02Z",
"nvd_published_at": "2026-02-11T21:16:21Z",
"severity": "HIGH"
},
"details": "### Summary\nCalls issued by the UI against `/api/v1/ingestionPipelines` leak JWTs used by `ingestion-bot` for certain services (Glue / Redshift / Postgres)\n\n### Details\nAny read-only user can gain access to a highly privileged account, typically which has the Ingestion Bot Role. This enables destructive changes in OpenMetadata instances, and potential data leakage (e.g. sample data, or service metadata which would be unavailable per roles/policies). \n\n\n### PoC\nI was able to extract the JWT used by the bot/agent populating [sample_athena.default](https://sandbox.open-metadata.org/database/sample_athena.default) in the Collate Sandbox. To prove this out, I mutated the description to this UUID: `fe2e4cc1-da72-4acf-8535-112a3cfa9c7e,` which you can see @ https://sandbox.open-metadata.org/database/sample_athena.default.\n\n#### Steps to Reproduce\n\n* Create a Collate Sandbox account; these are non-admin accounts by default with minimal permissions.\n* Open the Developer Console\n* Go to the Services Page. In this case, [sample_athena](https://sandbox.open-metadata.org/service/databaseServices/sample_athena?showDeletedTables=false\u0026currentPage=1), though other services \n* In the Network tab, introspect the request made to api/v1/services/ingestionPipelines, and find the jwtToken in the response:\n\u003cimg width=\"1329\" height=\"299\" alt=\"image\" src=\"https://github.com/user-attachments/assets/0c405776-159e-4188-9591-ed8cc71bc596\" /\u003e\n\n* Use the JWT to issue (potentially destructive) API calls\n\u003cimg width=\"3024\" height=\"1798\" alt=\"image\" src=\"https://github.com/user-attachments/assets/ab40b528-4d2b-404b-8f8a-482a1693e179\" /\u003e\n\n* Resulting mutated description:\n\u003cimg width=\"622\" height=\"399\" alt=\"image\" src=\"https://github.com/user-attachments/assets/3fa630ff-93b5-4b7d-8e3c-220f8a84a23a\" /\u003e\n\nNote that this is also the case for these services, among others:\n* [acme_nexus_redshift](https://sandbox.open-metadata.org/service/databaseServices/acme_nexus_redshift) \n* [sample_postgres](https://sandbox.open-metadata.org/service/databaseServices/sample_postgres)\n\n### Proposed Remediation\nRedact jwtToken in API payload.\nImplement role-based filtering - Only return JWT tokens to users with explicit admin/service account permissions\n(for Admins) Rotate Ingestion Bot Tokens in affected environments\n\n### Impact\n_What kind of vulnerability is it? Who is impacted?_\n\n* Vulnerability Type: Privilege Escalation\n* Risk: User impersonation, even for those with read-only access, can lead to destructive outcomes if malicious actors leverage the leaked JWT.",
"id": "GHSA-pqqf-7hxm-rj5r",
"modified": "2026-02-11T23:14:53Z",
"published": "2026-02-11T14:23:02Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-pqqf-7hxm-rj5r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26010"
},
{
"type": "PACKAGE",
"url": "https://github.com/open-metadata/OpenMetadata"
},
{
"type": "WEB",
"url": "https://github.com/open-metadata/OpenMetadata/releases/tag/1.11.8-release"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "Leaky JWTs in OpenMetadata exposing highly-privileged bot users"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…