Cyber Resilience

CVE-2026-26010

HighPublic PoC

Published: 11 February 2026

Published
11 February 2026
Modified
13 February 2026
KEV Added
Patch
CVSS Score v3.1 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
EPSS Score 0.0002 4.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-26010 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Open-Metadata Openmetadata. Its CVSS base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-26010 is a vulnerability in OpenMetadata, a unified metadata platform, affecting versions prior to 1.11.8. It stems from UI calls to the /api/v1/ingestionPipelines endpoint that inadvertently leak JSON Web Tokens (JWTs) used by the ingestion-bot for specific services, including Glue, Redshift, and Postgres. This flaw, associated with CWE-269 (Improper Privilege Management), has a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L).

Any read-only user can exploit this vulnerability over the network with low complexity to capture the leaked JWTs, gaining access to a highly privileged account typically holding the Ingestion Bot Role. Successful exploitation enables destructive changes within OpenMetadata instances and potential data leakage, such as sample data or service metadata that would otherwise be restricted by roles and policies.

The vulnerability is addressed in OpenMetadata 1.11.8. Additional details on the fix and mitigation are available in the GitHub security advisory at https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-pqqf-7hxm-rj5r and the release notes at https://github.com/open-metadata/OpenMetadata/releases/tag/1.11.8-release.

EU & UK References

Vulnerability details

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a highly privileged account,…

more

typically which has the Ingestion Bot Role. This enables destructive changes in OpenMetadata instances, and potential data leakage (e.g. sample data, or service metadata which would be unavailable per roles/policies). This vulnerability is fixed in 1.11.8.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1528 Steal Application Access Token Credential Access
Adversaries can steal application access tokens as a means of acquiring credentials to access remote systems and resources.
T1550.001 Application Access Token Lateral Movement
Adversaries may use stolen application access tokens to bypass the typical authentication process and access restricted accounts, information, or services on remote systems.
Why these techniques?

Vuln directly leaks JWT application access tokens via API to low-priv users (T1528), enabling use of stolen tokens for auth (T1550.001) and privilege escalation from read-only to Ingestion Bot role (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-22244Same product: Open-Metadata Openmetadata
CVE-2024-44250Shared CWE-269
CVE-2024-53706Shared CWE-269
CVE-2025-66374Shared CWE-269
CVE-2026-28995Shared CWE-269
CVE-2025-43199Shared CWE-269
CVE-2025-36640Shared CWE-269
CVE-2025-8899Shared CWE-269
CVE-2024-47770Shared CWE-269
CVE-2025-24254Shared CWE-269

Affected Assets

open-metadata
openmetadata
≤ 1.11.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Principle of least privilege directly prevents read-only users from accessing highly privileged ingestion-bot JWTs leaked via the API.

prevent

Access enforcement mechanisms ensure the /api/v1/ingestionPipelines endpoint does not disclose sensitive JWTs to low-privileged users.

prevent

Information output filtering sanitizes API responses to remove leaked JWTs, blocking privilege escalation from read-only access.

References