Apache Polaris has an Improper Input Validation Issue

Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...

CVE-2026-34214 Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON

Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials access key or vended credentials temporary access key are accessible to users that have write privilege on SQL level. This issue has been patch...

Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON

Summary Iceberg connector REST catalog static credentials access key or vended credentials temporary access key are accessible to users that have write privilege on SQL level. Details Iceberg REST catalog typically needs access to object storage. This access can be configured in multiple differen...

GHSA-X27P-5F68-M644 Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON

Summary Iceberg connector REST catalog static credentials access key or vended credentials temporary access key are accessible to users that have write privilege on SQL level. Details Iceberg REST catalog typically needs access to object storage. This access can be configured in multiple differen...

PT-2026-28609

Summary Iceberg connector REST catalog static credentials access key or vended credentials temporary access key are accessible to users that have write privilege on SQL level. Details Iceberg REST catalog typically needs access to object storage. This access can be configured in multiple differen...