Lucene search
K

10 matches found

Packet Storm News
Packet Storm News
added 2026/05/06 12:0 a.m.20 views

Gray-Box Poisoning of Continuous Malware Ingestion Pipelines

Modern malware detection pipelines rely on continuous data ingestion and machine learning to counter the high volume of novel threats. This work investigates a realistic gray-box poisoning threat model targeting these pipelines. Using the secmlmalware framework, we generate problem-space...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/13 1:30 a.m.5 views

CVE-2026-26010

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres. Any read-only user can gain access to a highly privileged account, typically which has the...

7.6CVSS5.5AI score0.00331EPSS
Exploits1References1
NVD
NVD
added 2026/02/11 9:16 p.m.5 views

CVE-2026-26010

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres. Any read-only user can gain access to a highly privileged account, typically which has the...

7.6CVSS0.00331EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/11 9:5 p.m.4 views

CVE-2026-26010 Leaky JWTs in OpenMetadata exposing highly-privileged bot users

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres. Any read-only user can gain access to a highly privileged account, typically which has the...

7.6CVSS5.5AI score0.00331EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/11 9:5 p.m.4 views

CVE-2026-26010

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres. Any read-only user can gain access to a highly privileged account, typically which has the...

7.6CVSS5.5AI score0.00331EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/02/11 9:5 p.m.16 views

CVE-2026-26010

OpenMetadata CVE-2026-26010 describes a leakage of JWTs through calls to /api/v1/ingestionPipelines from the UI, prior to version 1.11.8. Read-only users could obtain tokens used by the ingestion-bot for services such as Glue, Redshift, and Postgres, enabling access to a highly privileged Ingesti...

7.6CVSS7.3AI score0.00331EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/02/11 2:23 p.m.3 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the api/v1/ingestionPipelines endpoint, which exposes JWT tokens used by privileged bot accounts in API responses. An attacker can gain unauthorized access to sensitive data and...

7.6CVSS5.6AI score0.00331EPSS
Exploits1References2
OSV
OSV
added 2026/02/11 2:23 p.m.3 views

GHSA-PQQF-7HXM-RJ5R Leaky JWTs in OpenMetadata exposing highly-privileged bot users

Summary Calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres Details Any read-only user can gain access to a highly privileged account, typically which has the Ingestion Bot Role. This enables destructive changes...

7.6CVSS5.5AI score0.00331EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/02/11 2:23 p.m.11 views

Leaky JWTs in OpenMetadata exposing highly-privileged bot users

Summary Calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres Details Any read-only user can gain access to a highly privileged account, typically which has the Ingestion Bot Role. This enables destructive changes...

7.6CVSS5.5AI score0.00331EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.6 views

PT-2026-7624

Name of the Vulnerable Software and Affected Versions OpenMetadata versions prior to 1.11.8 Description OpenMetadata is a unified metadata platform. Calls issued by the user interface against the /api/v1/ingestionPipelines API endpoint leak JSON Web Tokens JWTs used by the ingestion-bot for certa...

7.6CVSS7.2AI score0.00331EPSS
Exploits1References11
Rows per page
Query Builder