CVE-2026-46481
HighCVSS 8.3Exploitation Probability (EPSS)
Low risk13th percentile - higher than 13% of all known CVEs
Summary
In OpenMetadata prior to version 1.12.4, a non-admin SSO user could trigger a TEST_CONNECTION workflow for a Database Service and receive in the HTTP 201 response both the cleartext database password and the ingestion bot JWT.
Risk Assessment
The leaked bot token could allow unauthorized access to sensitive service APIs with bot-level privileges, posing a significant data security risk.
Recommendation
It is recommended to upgrade to version 1.12.4 or later to mitigate this vulnerability and to monitor API access for potential abuse.
Original NVD description (English source)
OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in request.connection.config.password and the ingestion bot JWT in openMetadataServerConnection.securityConfig.jwtToken. The leaked ingestion-bot token can then be reused as Authorization: Bearer <jwt> to access sensitive service APIs with bot-level privileges. This issue has been patched in version 1.12.4.

