Description
OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a highly privileged account, typically which has the Ingestion Bot Role. This enables destructive changes in OpenMetadata instances, and potential data leakage (e.g. sample data, or service metadata which would be unavailable per roles/policies). This vulnerability is fixed in 1.11.8.
Published: 2026-02-11
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation via Leaked JWTs
Action: Apply Patch
AI Analysis

Impact

OpenMetadata versions prior to 1.11.8 expose JSON Web Tokens (JWTs) issued to the ingestion‑bot when the UI calls the /api/v1/ingestionPipelines endpoint. An attacker with a read‑only account can capture these privileged tokens and use them to act as the ingestion‑bot, which has broad rights to modify pipeline configurations. The vulnerability creates a privilege escalation path that permits destructive changes to metadata, potential data leakage, and unauthorized manipulation of ingestion services. The weakness is a missing authorization check (CWE‑269).

Affected Systems

All OpenMetadata deployments running any release older than 1.11.8 are affected. The issue impacts the UI endpoint /api/v1/ingestionPipelines and affects the ingestion‑bot identities used for Glue, Redshift, and Postgres pipelines across those releases.

Risk and Exploitability

The CVSS score of 7.6 indicates high severity, while the EPSS score of <1% shows a low probability of exploitation under current conditions and the vulnerability is not listed in the CISA KEV catalog. Attackers would need access to a read‑only user session to trigger the vulnerable endpoint. Once the JWT is captured, the token grants full control over ingestion pipelines, enabling schema alterations, data exports, or other destructive actions. The exploit path requires only standard UI interaction, meaning any authenticated user with read‑only privileges can potentially exploit it.

Generated by OpenCVE AI on April 17, 2026 at 20:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to OpenMetadata 1.11.8 or a later version to eliminate the JWT leakage.
  • If an upgrade is not immediately possible, restrict or remove access to the /api/v1/ingestionPipelines endpoint for read‑only users and enforce stricter role checks on ingestion‑bot tokens.
  • Deploy monitoring on ingestion pipeline activity to detect unauthorized changes or token usage and alert stakeholders promptly.

Generated by OpenCVE AI on April 17, 2026 at 20:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-pqqf-7hxm-rj5r Leaky JWTs in OpenMetadata exposing highly-privileged bot users
History

Fri, 13 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:open-metadata:openmetadata:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L'}

Thu, 12 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Feb 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Open-metadata
Open-metadata openmetadata
Vendors & Products Open-metadata
Open-metadata openmetadata

Wed, 11 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
Description OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a highly privileged account, typically which has the Ingestion Bot Role. This enables destructive changes in OpenMetadata instances, and potential data leakage (e.g. sample data, or service metadata which would be unavailable per roles/policies). This vulnerability is fixed in 1.11.8.
Title Leaky JWTs in OpenMetadata exposing highly-privileged bot users
Weaknesses CWE-269
References
Metrics cvssV3_0

{'score': 7.6, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L'}

Subscriptions

Open-metadata Openmetadata
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-12T21:22:40.311Z

Reserved: 2026-02-09T21:36:29.553Z

Link: CVE-2026-26010

cve-icon Vulnrichment

Updated: 2026-02-12T21:22:36.892Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-11T21:16:21.117

Modified: 2026-02-13T21:34:48.030

Link: CVE-2026-26010

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T20:15:27Z

Weaknesses