CVE-2026-42809 Apache Polaris: staged table creation could vend storage credentials for unvalidated locations

Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...

Apache Polaris 输入验证错误漏洞

Apache Polaris is a data management and query service component of the Apache Foundation. Apache Polaris has a vulnerability related to input validation, which stems from skipping expected position checks when only the write.metadata.path property is changed. This may lead to metadata being writt...