CVE-2026-44221

ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two distinct defects contributed: 1 ServerSecurityUser.getDatabaseUser returned a DB user with an...

CVE-2026-44221

ArcadeDB prior to version 2.6.4 (also referenced as 26.4.2 in some advisories) contains a cross-database authorization bypass. Two defects enable authenticated principals to bypass both record-level and database-level controls: (1) ServerSecurityUser.getDatabaseUser() returns a DB user with an un...

Authorization Bypass

com.arcadedb, arcadedb-server is vulnerable to Authorization Bypass. The vulnerability is due to improper initialization of access controls and missing security configuration during database creation, which allows an attacker to bypass database and record-level authorization restrictions...

GHSA-FXC7-FM93-6Q77 ArcadeDB vulnerable to cross-database authorization bypass and unsecured newly-created databases

Impact Authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two distinct defects contributed: 1 ServerSecurityUser.getDatabaseUser returned a DB user with an uninitialized fileAccessMap, which...

PT-2026-37317

Name of the Vulnerable Software and Affected Versions ArcadeDB versions prior to 26.4.2 Description Authenticated users and API tokens scoped to a specific database can read, write, and mutate schema on any other database on the same server. This occurs due to two defects: first, the...

Introducing Share Consumer Support (Kafka Queues) in Spring for Apache Kafka

Continuing our Road to GA series, this week we're exploring Share Groups in Apache Kafka 4.0.0 and their integration in Spring for Apache Kafka 4.0.0 - a feature that fundamentally expands how we can consume messages from Kafka topics. When we first start working with Kafka, the mental model is...