Description
In Apache Iceberg, the table's metadata files are control files: they tell readers
which data files belong to the table and which table version to read.



`write.metadata.path` is an optional table property that tells Polaris
where to
write those metadata files.
For a table already registered in a
Polaris-managed
catalog, changing only that property through an `ALTER TABLE`-style settings
change (not a row-level `INSERT`, `SELECT`, `UPDATE`, or `DELETE`) bypasses
the commit-time branch that is supposed to revalidate storage locations.

The full persisted / credential-vending variant requires the affected
catalog
to have `polaris.config.allow.unstructured.table.location=true`, with
`allowedLocations` broad enough to include the attacker-chosen target.


`allowedLocations` is the admin-configured allowlist of storage paths that
the
catalog is allowed to use. Public project materials suggest that this flag
is a
real supported compatibility / layout mode, not just a contrived lab-only
prerequisite.


In that configuration, a user who can change table settings can cause Apache Polaris
itself to write new table metadata to an attacker-chosen reachable storage
location before the intended location-validation branch runs.

If the later concrete-path validation also accepts that location, Polaris
persists the resulting metadata path into stored table state. Later
table-load
and credential APIs can then return temporary cloud-storage credentials for
the
same location without revalidating it. In plain terms, Polaris can later
hand
out temporary storage access for the same attacker-chosen area.

That attacker-chosen area does not need to be limited to the poisoned
table's
own files. If it is a broader storage prefix, another table's prefix, or,
depending on configuration or provider behavior, even a bucket/container
root,
the resulting disclosure or corruption scope can extend to any data and
metadata Polaris can reach there.



The practical consequences are therefore similar to the staged-create
credential-vending issue already discussed: data and metadata reachable in
that
storage scope can be exposed and, if write-capable credentials are later
issued, modified, corrupted, or removed. Even before that later credential
step, Polaris itself performs the metadata write to the unchecked location.

So the core issue is not only later credential vending.

The primary defect
is
that Polaris skips its intended location checks before performing a
security-
sensitive metadata write when only `write.metadata.path` changes.



When `polaris.config.allow.unstructured.table.location=false`, current code
review suggests the later `updateTableLike(...)` validation usually rejects
out-of-tree metadata locations before the unsafe path is persisted. That may
reduce the persisted / credential-vending variant, but it does not prevent
the
underlying defect: Polaris still skips the intended pre-write location check
when only `write.metadata.path` changes.
Published: 2026-05-04
Score: 9.4 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker who can alter a table’s settings via an ALTER TABLE statement in Apache Polaris can change the optional write.metadata.path property, causing Polaris to write metadata files to an arbitrary storage location without performing the intended pre‑write location validation. The vulnerability bypasses the commit‑time branch that normally revalidates storage paths, enabling the system to persist metadata to a user‑chosen path that may be outside the allowedLocations list. This flaw can lead to the issuance of temporary cloud‑storage credentials for arbitrary directories or buckets, allowing an attacker to read, modify, or delete data and metadata within that scope, effectively leaking or corrupting sensitive information stored in the target location.

Affected Systems

Apache Polaris, a component of the Apache Iceberg ecosystem, is affected when the polaris.config.allow.unstructured.table.location flag is set to true and the allowedLocations allowlist contains the attacker‑chosen target. Even when the flag is false, the underlying defect remains because the system still skips pre‑write location checks when write.metadata.path changes, although the broader risk is reduced by the later validation step.

Risk and Exploitability

The CVSS score of 9.4 indicates a high‑severity risk, and while EPSS is not available, the absence of a KEV listing means that no confirmed exploitation has been documented. The likely attack vector involves privileged users executing an ALTER TABLE to modify write.metadata.path; the vulnerability is exploitable from within the Polaris deployment, requiring only that the attacker have permission to alter table properties. The resulting ability to write metadata to arbitrary locations and hand out credentials can lead to compromise of large storage prefixes or complete buckets, posing a significant confidentiality and integrity threat.

Generated by OpenCVE AI on May 4, 2026 at 17:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Apache Polaris to a version that re‑implements location validation for write.metadata.path changes.
  • Configure polaris.config.allow.unstructured.table.location to false and restrict allowedLocations to only approved storage paths.
  • Restrict privileges so that only administrators can modify table properties, preventing ordinary users from changing write.metadata.path.

Generated by OpenCVE AI on May 4, 2026 at 17:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 04 May 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache polaris
Vendors & Products Apache
Apache polaris

Mon, 04 May 2026 17:30:00 +0000

Type Values Removed Values Added
References

Mon, 04 May 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 04 May 2026 16:30:00 +0000

Type Values Removed Values Added
Description In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. `write.metadata.path` is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a Polaris-managed catalog, changing only that property through an `ALTER TABLE`-style settings change (not a row-level `INSERT`, `SELECT`, `UPDATE`, or `DELETE`) bypasses the commit-time branch that is supposed to revalidate storage locations. The full persisted / credential-vending variant requires the affected catalog to have `polaris.config.allow.unstructured.table.location=true`, with `allowedLocations` broad enough to include the attacker-chosen target. `allowedLocations` is the admin-configured allowlist of storage paths that the catalog is allowed to use. Public project materials suggest that this flag is a real supported compatibility / layout mode, not just a contrived lab-only prerequisite. In that configuration, a user who can change table settings can cause Apache Polaris itself to write new table metadata to an attacker-chosen reachable storage location before the intended location-validation branch runs. If the later concrete-path validation also accepts that location, Polaris persists the resulting metadata path into stored table state. Later table-load and credential APIs can then return temporary cloud-storage credentials for the same location without revalidating it. In plain terms, Polaris can later hand out temporary storage access for the same attacker-chosen area. That attacker-chosen area does not need to be limited to the poisoned table's own files. If it is a broader storage prefix, another table's prefix, or, depending on configuration or provider behavior, even a bucket/container root, the resulting disclosure or corruption scope can extend to any data and metadata Polaris can reach there. The practical consequences are therefore similar to the staged-create credential-vending issue already discussed: data and metadata reachable in that storage scope can be exposed and, if write-capable credentials are later issued, modified, corrupted, or removed. Even before that later credential step, Polaris itself performs the metadata write to the unchecked location. So the core issue is not only later credential vending. The primary defect is that Polaris skips its intended location checks before performing a security- sensitive metadata write when only `write.metadata.path` changes. When `polaris.config.allow.unstructured.table.location=false`, current code review suggests the later `updateTableLike(...)` validation usually rejects out-of-tree metadata locations before the unsafe path is persisted. That may reduce the persisted / credential-vending variant, but it does not prevent the underlying defect: Polaris still skips the intended pre-write location check when only `write.metadata.path` changes.
Title Apache Polaris: No protection on `write.metadata.path`
Weaknesses CWE-20
CWE-284
CWE-732
CWE-863
References
Metrics cvssV3_1

{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

Apache Polaris
cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2026-05-04T16:38:57.660Z

Reserved: 2026-04-30T14:36:55.718Z

Link: CVE-2026-42812

cve-icon Vulnrichment

Updated: 2026-05-04T16:38:57.660Z

cve-icon NVD

Status : Received

Published: 2026-05-04T17:16:26.887

Modified: 2026-05-04T17:16:26.887

Link: CVE-2026-42812

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T19:44:04Z

Weaknesses