CVE-2026-27478

🗓️ 11 Mar 2026 19:36:03Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 15 Views🌐 WEB

CVE-2026-27478 Unity Catalog issuer validation bypass enables user impersonation in token exchange.

Reporter	Title	Published	Views	Family All 14
ATTACKERKB	CVE-2026-27478	11 Mar 202619:36	–	attackerkb
Circl	CVE-2026-27478	11 Mar 202619:12	–	circl
CNNVD	Unity Catalog 安全漏洞	11 Mar 202600:00	–	cnnvd
Cvelist	CVE-2026-27478 Unity Catalog has a JWT Issuer Validation Bypass Allows Complete User Impersonation	11 Mar 202619:36	–	cvelist
EUVD	EUVD-2026-11304	11 May 202617:58	–	euvd
Github Security Blog	Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation	11 May 202617:58	–	github
NVD	CVE-2026-27478	11 Mar 202620:16	–	nvd
OSV	CVE-2026-27478 Unity Catalog has a JWT Issuer Validation Bypass Allows Complete User Impersonation	11 Mar 202619:36	–	osv
OSV	GHSA-QQCJ-RGHW-829X Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation	11 May 202617:58	–	osv
Positive Technologies	PT-2026-24800	11 Mar 202600:00	–	ptsecurity

NVD

Vulners

Node

unitycatalog unitycatalogRange≤0.4.0data

[
  {
    "vendor": "unitycatalog",
    "product": "unitycatalog",
    "versions": [
      {
        "version": "<= 0.4.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/unitycatalog/unitycatalog/security/advisories/GHSA-qqcj-rghw-829x

Parameter	Position	Path	Description	CWE
Authorization	header	api/1.0/unity-control/auth/tokens	Authentication bypass via issuer (iss) claim in incoming JWTs, where the endpoint dynamically fetches a JWKS endpoint for signature validation without validating that the issuer is trusted.	CWE-290, CWE-346, CWE-1390

17 Jun 2026 10:27Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.19.1

EPSS0.00183

SSVC

unity catalog issuer validation bypass token exchange endpoint user impersonation json web token