CVE

CVE-2026-26010

Leaky JWTs in OpenMetadata exposing highly-privileged bot users

Summary

Calls issued by the UI against /api/v1/ingestionPipelines leak the JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres).

Details

Any read-only user can gain access to a highly privileged account, typically one holding the Ingestion Bot Role. This enables destructive changes in OpenMetadata instances and potential data leakage (e.g. sample data, or service metadata that would otherwise be unavailable under the user's roles/policies).

PoC

I was able to extract the JWT used by the bot/agent populating sample_athena.default in the Collate Sandbox. To prove this out, I mutated the description to this UUID: fe2e4cc1-da72-4acf-8535-112a3cfa9c7e, which you can see @ https://sandbox.open-metadata.org/database/sample_athena.default.

Steps to Reproduce

  • Create a Collate Sandbox account; these are non-admin accounts by default with minimal permissions.
  • Open the Developer Console
  • Go to the Services Page. In this case, sample_athena, though other services 
  • In the Network tab, introspect the request made to api/v1/services/ingestionPipelines, and find the jwtToken in the response:

[Screenshot: https://github.com/user-attachments/assets/0c405776-159e-4188-9591-ed8cc71bc596]

  • Use the JWT to issue (potentially destructive) API calls

[Screenshot: https://github.com/user-attachments/assets/ab40b528-4d2b-404b-8f8a-482a1693e179]

  • Resulting mutated description:

[Screenshot: https://github.com/user-attachments/assets/3fa630ff-93b5-4b7d-8e3c-220f8a84a23a]

Note that this is also the case for these services, among others:

Proposed Remediation

  • Redact jwtToken in the API payload.
  • Implement role-based filtering: only return JWT tokens to users with explicit admin/service account permissions.
  • (For admins) Rotate Ingestion Bot tokens in affected environments.
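The first two remediations, plus an audit check a defender can run against API responses, as an added Python example that is not OpenMetadata's own code. Only the jwtToken key comes from the advisory; the payload shape, the claim names and the sample token are constructed assumptions.

```python
import base64
import copy
import json
# Constructed sample data. Only the jwtToken key comes from the advisory; the
# surrounding field names and the claims are assumptions about the shape.
def _b64url(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"sub": "ingestion-bot", "isBot": True, "iss": "open-metadata.org"}),
    "constructed-signature"])  # placeholder, never verified here
SAMPLE_RESPONSE = {"data": [{
    "name": "sample_athena_metadata",
    "service": {"name": "sample_athena", "type": "databaseService"},
    "openMetadataServerConnection": {
        "hostPort": "http://openmetadata:8585/api",
        "securityConfig": {"jwtToken": SAMPLE_TOKEN}}}]}
SENSITIVE_KEYS = {"jwtToken"}

def token_paths(node, path="$"):
    """Audit helper: JSON paths of every JWT-shaped string (three dot-separated
    segments, base64url JSON header) in a response. After the fix expect []."""
    found = []
    if isinstance(node, dict):
        for k, v in node.items():
            found.extend(token_paths(v, f"{path}.{k}"))
    elif isinstance(node, list):
        for i, v in enumerate(node):
            found.extend(token_paths(v, f"{path}[{i}]"))
    elif isinstance(node, str) and node.count(".") == 2 and node.startswith("eyJ"):
        found.append(path)
    return found

def redact_tokens(payload, caller_is_admin=False):
    """Server-side filter: mask jwtToken values unless the caller is an admin."""
    if caller_is_admin:
        return copy.deepcopy(payload)
    if isinstance(payload, dict):
        return {k: "***REDACTED***" if k in SENSITIVE_KEYS else redact_tokens(v)
                for k, v in payload.items()}
    if isinstance(payload, list):
        return [redact_tokens(v) for v in payload]
    return payload

def jwt_claims(token):
    """Read a token's claims without verifying it, to identify which bot
    identity leaked and must be rotated. Treat the claims as untrusted."""
    seg = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
```

Running token_paths over real responses before and after deploying the filter shows whether any token-shaped value still reaches non-admin callers.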

Impact

What kind of vulnerability is it? Who is impacted?

  • Vulnerability Type: Privilege Escalation
  • Risk: User impersonation, even for those with read-only access, can lead to destructive outcomes if malicious actors leverage the leaked JWT.


CVSS Version

Severity | Base Score | CVSS Version | Score Vector
C H U | 7.6 | 3.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
C H U | 0 | 3.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
C H U | 7.6 | 3.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L


References

  • https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-pqqf-7hxm-rj5r
  • https://nvd.nist.gov/vuln/detail/CVE-2026-26010
  • https://github.com/open-metadata/OpenMetadata
  • https://github.com/open-metadata/OpenMetadata/releases/tag/1.11.8-release


Basic Information

Ecosystem
Base CVSS: 7.6
EPSS Probability: 0.00013%
EPSS Percentile: 0.02126%
Introduced Version: 1.8.0, 1.0.0-alpha
Fix Available: 1.11.8
