CVE-2026-26010
Published: 11 February 2026
Summary
CVE-2026-26010 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Open-Metadata Openmetadata. Its CVSS base score is 7.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2026-26010 is a vulnerability in OpenMetadata, a unified metadata platform, affecting versions prior to 1.11.8. It stems from UI calls to the /api/v1/ingestionPipelines endpoint that inadvertently leak JSON Web Tokens (JWTs) used by the ingestion-bot for specific services, including Glue, Redshift, and Postgres. This flaw, associated with CWE-269 (Improper Privilege Management), has a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L).
Any read-only user can exploit this vulnerability over the network with low complexity to capture the leaked JWTs, gaining access to a highly privileged account typically holding the Ingestion Bot Role. Successful exploitation enables destructive changes within OpenMetadata instances and potential data leakage, such as sample data or service metadata that would otherwise be restricted by roles and policies.
The vulnerability is addressed in OpenMetadata 1.11.8. Additional details on the fix and mitigation are available in the GitHub security advisory at https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-pqqf-7hxm-rj5r and the release notes at https://github.com/open-metadata/OpenMetadata/releases/tag/1.11.8-release.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-6197
Vulnerability details
OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a highly privileged account,…
more
typically which has the Ingestion Bot Role. This enables destructive changes in OpenMetadata instances, and potential data leakage (e.g. sample data, or service metadata which would be unavailable per roles/policies). This vulnerability is fixed in 1.11.8.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vuln directly leaks JWT application access tokens via API to low-priv users (T1528), enabling use of stolen tokens for auth (T1550.001) and privilege escalation from read-only to Ingestion Bot role (T1068).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Principle of least privilege directly prevents read-only users from accessing highly privileged ingestion-bot JWTs leaked via the API.
Access enforcement mechanisms ensure the /api/v1/ingestionPipelines endpoint does not disclose sensitive JWTs to low-privileged users.
Information output filtering sanitizes API responses to remove leaked JWTs, blocking privilege escalation from read-only access.