Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-34214
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON
Source: NVD (National Vulnerability Database)
Vulnerability Description
Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials (access key) or vended credentials (temporary access key) are accessible to users that have write privilege on SQL level. This issue has been patched in version 480.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
敏感数据的不恰当跨边界移除
Source: NVD (National Vulnerability Database)
Vulnerability Title
trino 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
trino是Trino开源的一个分布式SQL查询引擎。 Trino 439版本至480之前版本存在安全漏洞,该漏洞源于Iceberg连接器REST目录静态凭据或临时凭据对具有SQL级别写入权限的用户可访问,可能导致凭据泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
trinodbtrino >= 439, < 480 -
II. Public POCs for CVE-2026-34214
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2026-34214
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same weakness: CWE-212
V. Comments for CVE-2026-34214

No comments yet

Leave a comment