Lucene search
K

314 matches found

Nuclei
Nuclei
added 4 days ago67 views

Metabase < 0.46.6.1 - Remote Code Execution

Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2...

9.8CVSS7.3AI score0.97924EPSS
Exploits37References6
Nuclei
Nuclei
added 4 days ago31 views

Metabase - Local File Inclusion

Metabase is an open source data analytics platform. In affected versions a local file inclusion security issue has been discovered with the custom GeoJSON map admin-settings-maps-custom maps-add a map support and potential local file inclusion including environment variables. URLs were not...

10CVSS7AI score0.97178EPSS
Exploits5References5
NVD
NVD
added 6 days ago8 views

CVE-2026-59827

Metabase is an open-source business intelligence and embedded analytics tool. Prior to 1.58.15, 1.59.12, 1.60.6.3, and 1.61.1.4, Metabase instances with an H2 database connection, including the default sample database, deserialize arbitrary Java objects returned in H2 native query result columns ...

9.9CVSS0.00457EPSS
Exploits1References6
NVD
NVD
added 6 days ago10 views

CVE-2026-59826

Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0 until 1.58.15.1, 1.59.12, 1.60.6.3, and 1.61.2, Metabase did not validate unsafe H2 connection properties on one database-creation code path, allowing an authenticated administrator to register a crafted H2...

9.1CVSS0.00391EPSS
Exploits1References6
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-59826 Metabase: Arbitrary Code Execution via Database Connection Detail Bypass

Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0 until 1.58.15.1, 1.59.12, 1.60.6.3, and 1.61.2, Metabase did not validate unsafe H2 connection properties on one database-creation code path, allowing an authenticated administrator to register a crafted H2...

9.1CVSS0.00391EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 6 days ago4 views

CVE-2026-59826

Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0 until 1.58.15.1, 1.59.12, 1.60.6.3, and 1.61.2, Metabase did not validate unsafe H2 connection properties on one database-creation code path, allowing an authenticated administrator to register a crafted H2...

9.1CVSS6.2AI score0.00391EPSS
Exploits1References7Affected Software1
OSV
OSV
added 6 days ago5 views

CVE-2026-59826 Metabase: Arbitrary Code Execution via Database Connection Detail Bypass

Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0 until 1.58.15.1, 1.59.12, 1.60.6.3, and 1.61.2, Metabase did not validate unsafe H2 connection properties on one database-creation code path, allowing an authenticated administrator to register a crafted H2...

9.1CVSS6.3AI score0.00391EPSS
Exploits1References8
CVE
CVE
added 6 days ago19 views

CVE-2026-59826

Metabase is an open-source BI/analytics tool. Vulnerable in versions 1.55.0 through 1.58.15.1, 1.59.12, 1.60.6.3, and 1.61.2 due to not validating unsafe H2 connection properties on a database-creation path. An authenticated administrator could register a crafted H2 database connection and execut...

9.1CVSS6.2AI score0.00391EPSS
Exploits1References6
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42664

Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0 until 1.58.15.1, 1.59.12, 1.60.6.3, and 1.61.2, Metabase did not validate unsafe H2 connection properties on one database-creation code path, allowing an authenticated administrator to register a crafted H2...

9.1CVSS6.2AI score0.00391EPSS
Exploits1References6
CVE
CVE
added 6 days ago13 views

CVE-2026-59827

Metabase (open-source BI/analytics) prior to versions 1.58.15, 1.59.12, 1.60.6.3, and 1.61.1.4 is vulnerable when using an H2 database connection (including the default sample DB). The flaw allows an authenticated user who can run native H2 queries to deserialize arbitrary Java objects from H2 qu...

9.9CVSS6.2AI score0.00457EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-59827 Metabase: Unsafe Deserialization of H2 Query Results

Metabase is an open-source business intelligence and embedded analytics tool. Prior to 1.58.15, 1.59.12, 1.60.6.3, and 1.61.1.4, Metabase instances with an H2 database connection, including the default sample database, deserialize arbitrary Java objects returned in H2 native query result columns ...

9.9CVSS0.00457EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-59827

Metabase is an open-source business intelligence and embedded analytics tool. Prior to 1.58.15, 1.59.12, 1.60.6.3, and 1.61.1.4, Metabase instances with an H2 database connection, including the default sample database, deserialize arbitrary Java objects returned in H2 native query result columns ...

9.9CVSS6.2AI score0.00457EPSS
Exploits1References7Affected Software1
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42659

Metabase is an open-source business intelligence and embedded analytics tool. Prior to 1.58.15, 1.59.12, 1.60.6.3, and 1.61.1.4, Metabase instances with an H2 database connection, including the default sample database, deserialize arbitrary Java objects returned in H2 native query result columns ...

9.9CVSS6.2AI score0.00457EPSS
Exploits1References6
OSV
OSV
added 6 days ago2 views

CVE-2026-59827 Metabase: Unsafe Deserialization of H2 Query Results

Metabase is an open-source business intelligence and embedded analytics tool. Prior to 1.58.15, 1.59.12, 1.60.6.3, and 1.61.1.4, Metabase instances with an H2 database connection, including the default sample database, deserialize arbitrary Java objects returned in H2 native query result columns ...

9.9CVSS6.3AI score0.00457EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56901

Name of the Vulnerable Software and Affected Versions Metabase versions 1.55.0 through 1.58.15.0 Metabase versions 1.59.0 through 1.59.11 Metabase versions 1.60.0 through 1.60.6.2 Metabase versions 1.61.0 through 1.61.1 Description Metabase fails to validate unsafe H2 connection properties during...

9.1CVSS6.4AI score0.00391EPSS
Exploits1References14
GithubExploit
GithubExploit
added 2026/04/06 12:10 p.m.85 views

Exploit for Deserialization of Untrusted Data in Metabase

CVE-2026-33725 A proof-of-concept exploit for CVE-2026-33725,...

7.2CVSS5.8AI score0.00763EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/03/31 12:0 a.m.8 views

Metabase Enterprise < 1.54.22 / 1.55.x < 1.55.22 / 1.56.x < 1.56.22 / 1.57.x < 1.57.16 / 1.58.x < 1.58.10 / 1.59.x < 1.59.4 RCE (GHSA-fppj-vcm3-w229)

The version of Metabase Enterprise installed on the remote host is prior to 1.54.22, 1.55.x prior to 1.55.22, 1.56.x prior to 1.56.22, 1.57.x prior to 1.57.16, 1.58.x prior to 1.58.10, or 1.59.x prior to 1.59.4. It is, therefore, affected by a remote code execution vulnerability: - Authenticated...

7.2CVSS6.8AI score0.00763EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.4 views

CVE-2026-33725

Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4, authenticated admins on Metabase Enterprise Edition can achieve Remote Code Execution RCE and Arbitrary File Read via the...

7.2CVSS6.2AI score0.00763EPSS
Exploits1References1
NVD
NVD
added 2026/03/27 1:16 a.m.5 views

CVE-2026-33725

Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4, authenticated admins on Metabase Enterprise Edition can achieve Remote Code Execution RCE and Arbitrary File Read via the...

7.2CVSS0.00763EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/27 12:19 a.m.1 views

CVE-2026-33725 Metabase vulnerable to RCE and Arbitrary File Read via H2 JDBC INIT Injection in EE Serialization Import

Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4, authenticated admins on Metabase Enterprise Edition can achieve Remote Code Execution RCE and Arbitrary File Read via the...

7.2CVSS6.2AI score0.00763EPSS
Exploits1References1
Rows per page
Query Builder