Cyber Posture

CVE-2026-33725

HighRCE

Published: 27 March 2026

Published
27 March 2026
Modified
01 April 2026
KEV Added
Patch
CVSS Score 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0018 38.6th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-33725 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Metabase Metabase. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 38.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Flaw remediation directly addresses the deserialization vulnerability by applying vendor patches to fixed Metabase Enterprise versions, eliminating the ability to inject malicious INIT properties.

CM-6 Configuration Settings good match
prevent

Configuration settings enforce secure baselines, such as disabling the vulnerable POST /api/ee/serialization/import endpoint as the recommended workaround to block exploitation.

SI-10 Information Input Validation good match
prevent

Information input validation on the serialization import endpoint prevents processing of crafted archives that inject arbitrary SQL via H2 JDBC INIT properties.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
attack.mitre.org →
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
attack.mitre.org →
Why these techniques?

Vuln in exposed Metabase /api/ee/serialization/import endpoint (deserialization + H2 INIT injection) directly enables remote exploitation of public-facing app (T1190) by authenticated admins, resulting in RCE via arbitrary command execution (T1059) and arbitrary file read from local system (T1005).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4, authenticated admins on Metabase Enterprise Edition can achieve Remote Code Execution (RCE) and Arbitrary File Read…

more

via the `POST /api/ee/serialization/import` endpoint. A crafted serialization archive injects an `INIT` property into the H2 JDBC spec, which can execute arbitrary SQL during a database sync. We confirmed this was possible on Metabase Cloud. This only affects Metabase Enterprise. Metabase OSS lacks the affected codepaths. All versions of Metabase Enterprise that have serialization, which dates back to at least version 1.47, are affected. Metabase Enterprise versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4 patch the issue. As a workaround, disable the serialization import endpoint in their Metabase instance to prevent access to the vulnerable codepaths.

Deeper analysisAI

CVE-2026-33725 is a deserialization vulnerability (CWE-502) in Metabase Enterprise, an open source business intelligence and embedded analytics tool, with a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). It affects Metabase Enterprise editions prior to versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4, specifically via the POST /api/ee/serialization/import endpoint. The flaw allows injection of an INIT property into the H2 JDBC spec through a crafted serialization archive, leading to arbitrary SQL execution during database sync. Metabase Open Source Edition (OSS) is unaffected due to lacking the relevant codepaths, but all Enterprise versions with serialization support, dating back to at least 1.47, are vulnerable.

Authenticated administrators (high privilege required) can exploit this vulnerability remotely over the network with low complexity. By uploading a malicious serialization archive to the import endpoint, attackers trigger execution of arbitrary SQL via the injected INIT property in the H2 JDBC connection during a database synchronization process. This enables remote code execution (RCE) and arbitrary file read on the server. Exploitation has been confirmed possible on Metabase Cloud instances.

The Metabase security advisory (GHSA-fppj-vcm3-w229) recommends upgrading to patched versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, or 1.59.4. As a workaround, administrators can disable the serialization import endpoint to block access to the vulnerable codepaths.

Details

CWE(s)
CWE-502

Affected Products

metabase
metabase
≤ 1.54.22 · 1.55.0 — 1.55.22 · 1.56.0 — 1.56.22

CVEs Like This One

CVE-2026-22805Same product: Metabase Metabase
CVE-2026-27464Same product: Metabase Metabase
CVE-2025-23006Shared CWE-502
CVE-2026-22345Shared CWE-502
CVE-2025-42944Shared CWE-502
CVE-2025-29310Shared CWE-502
CVE-2024-9664Shared CWE-502
CVE-2025-1971Shared CWE-502
CVE-2025-2485Shared CWE-502
CVE-2024-13889Shared CWE-502

References