All 7 CVE vulnerabilities found in OpenMetadata, with AI-generated Chinese analysis, references, and POCs.
Vendor: open-metadata
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-26010 | Leaky JWTs in OpenMetadata exposing highly-privileged bot users | CWE-269 | 8.1 (AI) | High (AI) | 2026-02-11 |
| CVE-2026-22244 | OpenMetadata Server-Side Template Injection (SSTI) in FreeMarker email templates that leads to RCE | CWE-1336 | 7.2 | - | 2026-01-08 |
| CVE-2024-28848 | SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` in OpenMetadata | CWE-94 | 8.8 | High | 2024-03-15 |
| CVE-2024-28255 | Authentication Bypass in OpenMetadata | CWE-287 | 9.8 | Critical | 2024-03-15 |
| CVE-2024-28847 | SpEL Injection in `PUT /api/v1/events/subscriptions` in OpenMetadata | CWE-94 | 8.8 | High | 2024-03-15 |
| CVE-2024-28254 | SpEL Injection in `GET /api/v1/events/subscriptions/validation/condition/<expr>` in OpenMetadata | CWE-78 | 8.8 | High | 2024-03-15 |
| CVE-2024-28253 | SpEL Injection in `PUT /api/v1/policies` in OpenMetadata | CWE-94 | 9.4 | Critical | 2024-03-15 |