CVE-2026-27478
Published: 11 March 2026
Summary
CVE-2026-27478 is a critical-severity Authentication Bypass by Spoofing (CWE-290) vulnerability in Unitycatalog Unitycatalog. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 6.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 IA-13 (Identity Providers and Authorization Servers) and IA-5 (Authenticator Management).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires establishment and verification of trusted identity providers and authorization servers, directly preventing dynamic JWKS fetches from untrusted issuers in JWT validation.
Mandates management and verification of authenticators including confirmation of issuer identities, blocking acceptance of self-signed JWTs from arbitrary sources.
Requires validation of information inputs such as the JWT iss claim against trusted providers, stopping exploitation via malformed or attacker-controlled issuers.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Auth bypass in exposed /auth/tokens endpoint directly enables T1190 (public app exploitation via untrusted issuer/JWKS) and T1606 (forging JWT web credentials with attacker-controlled signing keys).
NVD Description
Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint (/api/1.0/unity-control/auth/tokens). The endpoint extracts the issuer (iss) claim from incoming JWTs and…
more
uses it to dynamically fetch the JWKS endpoint for signature validation without validating that the issuer is a trusted identity provider.
Deeper analysisAI
Unity Catalog, an open multi-modal catalog for data and AI, in versions 0.4.0 and earlier, is affected by CVE-2026-27478, a critical authentication bypass vulnerability with a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). The flaw resides in the token exchange endpoint at /api/1.0/unity-control/auth/tokens, where the endpoint extracts the issuer (iss) claim from incoming JWTs and dynamically fetches the corresponding JWKS endpoint for signature validation without first confirming that the issuer represents a trusted identity provider. This issue maps to CWEs 290 (Authentication Bypass), 346 (Origin Validation Error), and 1390 (Weak Authentication).
The vulnerability enables unauthenticated remote attackers to exploit it over the network with low attack complexity and no user interaction required. An attacker can craft a JWT bearing an arbitrary iss claim that points to a JWKS endpoint under their control, allowing them to self-sign a valid token for the endpoint. Exploitation results in high confidentiality and integrity impacts, such as unauthorized access to token exchange functionality and potentially broader Unity Catalog privileges.
Mitigation guidance and patch details are available in the upstream security advisory at https://github.com/unitycatalog/unitycatalog/security/advisories/GHSA-qqcj-rghw-829x, published on 2026-03-11.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: ai