161 matches found

OSV
added 2026/02/11 2:23 p.m., 2 views

GHSA-PQQF-7HXM-RJ5R Leaky JWTs in OpenMetadata exposing highly-privileged bot users

Summary: Calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Details: Any read-only user can gain access to a highly privileged account, which typically has the Ingestion Bot Role. This enables destructive changes...

CVSS 7.6, AI score 5.5, EPSS 0.00331
Exploits: 1, References: 4
Github Security Blog
added 2026/02/11 2:23 p.m., 9 views

Leaky JWTs in OpenMetadata exposing highly-privileged bot users

Summary: Calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Details: Any read-only user can gain access to a highly privileged account, which typically has the Ingestion Bot Role. This enables destructive changes...

CVSS 7.6, AI score 5.5, EPSS 0.00331
Exploits: 1, References: 4, Affected Software: 1
CNNVD
added 2026/02/11 12:00 a.m., 3 views

OpenMetadata security vulnerability

OpenMetadata is an open-source platform for discovery, observability, and governance, supported by a central metadata storage library, deep lineage, and seamless team collaboration. There were security vulnerabilities in versions of OpenMetadata prior to 1.11.8. These vulnerabilities stemmed from...

CVSS 7.6, AI score 7.1, EPSS 0.00331
Exploits: 1, References: 2
Positive Technologies
added 2026/02/11 12:00 a.m., 5 views

PT-2026-7624

Name of the Vulnerable Software and Affected Versions: OpenMetadata versions prior to 1.11.8. Description: OpenMetadata is a unified metadata platform. Calls issued by the user interface against the /api/v1/ingestionPipelines API endpoint leak JSON Web Tokens (JWTs) used by the ingestion-bot for certa...

CVSS 7.6, AI score 7.2, EPSS 0.00331
Exploits: 1, References: 11
RedhatCVE
added 2026/01/10 5:40 a.m., 3 views

CVE-2026-22244

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must have administrative privileges to exploit the vulnerability. Version 1.11.4 contains a patch...

CVSS 9.4, AI score 8.2, EPSS 0.0076
Exploits: 1, References: 1
NVD
added 2026/01/08 4:16 p.m., 4 views

CVE-2026-22244

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must have administrative privileges to exploit the vulnerability. Version 1.11.4 contains a patch...

CVSS 9.4, EPSS 0.0076
Exploits: 1, References: 2
Cvelist
added 2026/01/08 3:12 p.m., 22 views

CVE-2026-22244 OpenMetadata Server-Side Template Injection (SSTI) in FreeMarker email templates that leads to RCE

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must have administrative privileges to exploit the vulnerability. Version 1.11.4 contains a patch...

CVSS 9.4, EPSS 0.0076
Exploits: 1, References: 2
EUVD
added 2026/01/08 3:12 p.m., 4 views

EUVD-2026-1673

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must have administrative privileges to exploit the vulnerability. Version 1.11.4 contains a patch...

CVSS 9.4, AI score 7.8, EPSS 0.0076
Exploits: 1, References: 2
CVE
added 2026/01/08 3:12 p.m., 8 views

CVE-2026-22244

OpenMetadata is affected by CVE-2026-22244 due to Server-Side Template Injection (SSTI) in FreeMarker email templates. Affected versions: prior to 1.11.4; exploitation requires administrative privileges and can lead to remote code execution. OpenMetadata 1.11.4 contains a patch. References and Re...

CVSS 9.4, AI score 7.9, EPSS 0.0076
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
added 2026/01/08 3:12 p.m., 4 views

CVE-2026-22244 OpenMetadata Server-Side Template Injection (SSTI) in FreeMarker email templates that leads to RCE

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must have administrative privileges to exploit the vulnerability. Version 1.11.4 contains a patch...

CVSS 9.4, AI score 7.9, EPSS 0.0076
Exploits: 1, References: 2
CNNVD
added 2026/01/08 12:00 a.m., 3 views

OpenMetadata security vulnerability

OpenMetadata is an open-source unified discovery, observability and governance platform powered by a central metadata repository, deep lineage and seamless team collaboration. A security vulnerability exists in OpenMetadata versions prior to 1.11.4 that stems from a server-side template...

CVSS 9.4, AI score 7.8, EPSS 0.0076
Exploits: 1, References: 3
Positive Technologies
added 2026/01/08 12:00 a.m., 5 views

PT-2026-2180

Name of the Vulnerable Software and Affected Versions: OpenMetadata versions prior to 1.11.4. Description: OpenMetadata is a unified metadata platform susceptible to remote code execution through Server-Side Template Injection (SSTI) within FreeMarker email templates. Exploitation requires an attacker...

CVSS 9.4, AI score 8, EPSS 0.0076
Exploits: 1, References: 4
EUVD
added 2026/01/07 7:33 p.m., 2 views

EUVD-2026-1180

OpenMetadata's Server-Side Template Injection (SSTI) in FreeMarker email templates leads to RCE...

AI score 6.6
Exploits: 0, References: 2
vulnersOsv
added 2026/01/07 7:33 p.m., 6 views

org.open-metadata:openmetadata-dist (>=1.0.0 <=1.11.13), org.open-metadata:openmetadata-mcp (>=1.10.0 <=1.11.13) potentially affected by unknown CVE via org.open-metadata:openmetadata-service (>=1.0.0-alpha <=1.11.3)

org.open-metadata:openmetadata-service (MAVEN) versions =1.0.0-alpha, =1.0.0, =1.10.0, =1.11.13. Source CVEs: unknown CVE. Source advisory: SNYK:JAVA-ORGOPENMETADATA-14912636...

AI score 5.8
Exploits: 0
Github Security Blog
added 2026/01/07 7:33 p.m., 19 views

OpenMetadata's Server-Side Template Injection (SSTI) in FreeMarker email templates leads to RCE

OpenMetadata RCE Vulnerability - Proof of Concept. Executive Summary: CRITICAL Remote Code Execution vulnerability confirmed in OpenMetadata v1.11.2 via Server-Side Template Injection (SSTI) in FreeMarker email templates. Credit - @lnlinh31, @satthusaosan, @TheMacCuoi, @get-wright, @Ohnooo1234,...

CVSS 9.4, AI score 6.1, EPSS 0.0076
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2026/01/07 7:33 p.m., 2 views

GHSA-5F29-2333-H9C7 OpenMetadata's Server-Side Template Injection (SSTI) in FreeMarker email templates leads to RCE

OpenMetadata RCE Vulnerability - Proof of Concept. Executive Summary: CRITICAL Remote Code Execution vulnerability confirmed in OpenMetadata v1.11.2 via Server-Side Template Injection (SSTI) in FreeMarker email templates. Credit - @lnlinh31, @satthusaosan, @TheMacCuoi, @get-wright, @Ohnooo1234,...

CVSS 9.4, AI score 5.9, EPSS 0.0076
Exploits: 1, References: 4
Veracode
added 2025/11/07 8:06 a.m., 6 views

SQL Injection

org.open-metadata, openmetadata-service is vulnerable to SQL Injection. The vulnerability is due to improper handling of the entityType parameter in TestDefinitionDAO.listCount, which concatenates untrusted input into an SQL query, allowing attackers to supply crafted entityType values that modi...

CVSS 7.1, AI score 7.6, EPSS 0.00298
Exploits: 1, References: 4, Affected Software: 1
Veracode
added 2025/11/07 7:51 a.m., 4 views

SQL Injection

org.open-metadata, openmetadata-service is vulnerable to SQL Injection. The vulnerability is due to improper handling of the supportedDataTypeParam parameter in TestDefinitionDAO.listCount, which concatenates untrusted input into an SQL query, allowing attackers to supply crafted...

CVSS 6.5, AI score 7.6, EPSS 0.00239
Exploits: 0, References: 4, Affected Software: 1
Veracode
added 2025/11/07 7:33 a.m., 3 views

SQL Injection

org.open-metadata, openmetadata-service is vulnerable to SQL Injection. The vulnerability is due to improper handling of the entityType parameter in DocStoreDAO.listCount, allowing attackers to supply crafted entityType values that modify the query and extract arbitrary data from the database...

CVSS 6.5, AI score 7.7, EPSS 0.00278
Exploits: 1, References: 4, Affected Software: 1
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-24005

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.5, EPSS 0.00278
Exploits: 1, References: 3