CVE Catalog

CVE-2026-46481

HighCVSS 8.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

13th percentile - higher than 13% of all known CVEs

Summary

In OpenMetadata prior to version 1.12.4, a non-admin SSO user could trigger a TEST_CONNECTION workflow for a Database Service and receive in the HTTP 201 response both the cleartext database password and the ingestion bot JWT.

Risk Assessment

The leaked bot token could allow unauthorized access to sensitive service APIs with bot-level privileges, posing a significant data security risk.

Recommendation

It is recommended to upgrade to version 1.12.4 or later to mitigate this vulnerability and to monitor API access for potential abuse.

Original NVD description (English source)

OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in request.connection.config.password and the ingestion bot JWT in openMetadataServerConnection.securityConfig.jwtToken. The leaked ingestion-bot token can then be reused as Authorization: Bearer <jwt> to access sensitive service APIs with bot-level privileges. This issue has been patched in version 1.12.4.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS