CVE-2026-42812 (GCVE-0-2026-42812)
Vulnerability from cvelistv5 – Published: 2026-05-04 16:19 – Updated: 2026-05-04 16:38
VLAI?
Title
Apache Polaris: No protection on `write.metadata.path`
Summary
In Apache Iceberg, the table's metadata files are control files: they tell readers
which data files belong to the table and which table version to read.
`write.metadata.path` is an optional table property that tells Polaris
where to
write those metadata files.
For a table already registered in a
Polaris-managed
catalog, changing only that property through an `ALTER TABLE`-style settings
change (not a row-level `INSERT`, `SELECT`, `UPDATE`, or `DELETE`) bypasses
the commit-time branch that is supposed to revalidate storage locations.
The full persisted / credential-vending variant requires the affected
catalog
to have `polaris.config.allow.unstructured.table.location=true`, with
`allowedLocations` broad enough to include the attacker-chosen target.
`allowedLocations` is the admin-configured allowlist of storage paths that
the
catalog is allowed to use. Public project materials suggest that this flag
is a
real supported compatibility / layout mode, not just a contrived lab-only
prerequisite.
In that configuration, a user who can change table settings can cause Apache Polaris
itself to write new table metadata to an attacker-chosen reachable storage
location before the intended location-validation branch runs.
If the later concrete-path validation also accepts that location, Polaris
persists the resulting metadata path into stored table state. Later
table-load
and credential APIs can then return temporary cloud-storage credentials for
the
same location without revalidating it. In plain terms, Polaris can later
hand
out temporary storage access for the same attacker-chosen area.
That attacker-chosen area does not need to be limited to the poisoned
table's
own files. If it is a broader storage prefix, another table's prefix, or,
depending on configuration or provider behavior, even a bucket/container
root,
the resulting disclosure or corruption scope can extend to any data and
metadata Polaris can reach there.
The practical consequences are therefore similar to the staged-create
credential-vending issue already discussed: data and metadata reachable in
that
storage scope can be exposed and, if write-capable credentials are later
issued, modified, corrupted, or removed. Even before that later credential
step, Polaris itself performs the metadata write to the unchecked location.
So the core issue is not only later credential vending.
The primary defect
is
that Polaris skips its intended location checks before performing a
security-
sensitive metadata write when only `write.metadata.path` changes.
When `polaris.config.allow.unstructured.table.location=false`, current code
review suggests the later `updateTableLike(...)` validation usually rejects
out-of-tree metadata locations before the unsafe path is persisted. That may
reduce the persisted / credential-vending variant, but it does not prevent
the
underlying defect: Polaris still skips the intended pre-write location check
when only `write.metadata.path` changes.
Severity ?
9.9 (Critical)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Polaris |
Affected:
0 , < 1.4.1
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42812",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T16:31:28.354079Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T16:31:33.619Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-05-04T16:38:57.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/02/13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Polaris",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Apache Iceberg, the table\u0027s metadata files are control files: they tell readers\nwhich data files belong to the table and which table version to read.\n\u003cbr\u003e\u003cbr\u003e\n`write.metadata.path` is an optional table property that tells Polaris\nwhere to\nwrite those metadata files. \u003cbr\u003eFor a table already registered in a\nPolaris-managed\ncatalog, changing only that property through an `ALTER TABLE`-style settings\nchange (not a row-level `INSERT`, `SELECT`, `UPDATE`, or `DELETE`) bypasses\nthe commit-time branch that is supposed to revalidate storage locations.\n\nThe full persisted / credential-vending variant requires the affected\ncatalog\nto have `polaris.config.allow.unstructured.table.location=true`, with\n`allowedLocations` broad enough to include the attacker-chosen target.\n\u003cbr\u003e\u003cbr\u003e`allowedLocations` is the admin-configured allowlist of storage paths that\nthe\ncatalog is allowed to use. Public project materials suggest that this flag\nis a\nreal supported compatibility / layout mode, not just a contrived lab-only\nprerequisite.\n\u003cbr\u003e\nIn that configuration, a user who can change table settings can cause Apache Polaris\nitself to write new table metadata to an attacker-chosen reachable storage\nlocation before the intended location-validation branch runs.\n\nIf the later concrete-path validation also accepts that location, Polaris\npersists the resulting metadata path into stored table state. Later\ntable-load\nand credential APIs can then return temporary cloud-storage credentials for\nthe\nsame location without revalidating it. In plain terms, Polaris can later\nhand\nout temporary storage access for the same attacker-chosen area.\n\nThat attacker-chosen area does not need to be limited to the poisoned\ntable\u0027s\nown files. If it is a broader storage prefix, another table\u0027s prefix, or,\ndepending on configuration or provider behavior, even a bucket/container\nroot,\nthe resulting disclosure or corruption scope can extend to any data and\nmetadata Polaris can reach there.\n\u003cbr\u003e\u003cbr\u003e\nThe practical consequences are therefore similar to the staged-create\ncredential-vending issue already discussed: data and metadata reachable in\nthat\nstorage scope can be exposed and, if write-capable credentials are later\nissued, modified, corrupted, or removed. Even before that later credential\nstep, Polaris itself performs the metadata write to the unchecked location.\n\nSo the core issue is not only later credential vending. \u003cbr\u003e\u003cbr\u003eThe primary defect\nis\nthat Polaris skips its intended location checks before performing a\nsecurity-\nsensitive metadata write when only `write.metadata.path` changes.\n\u003cbr\u003e\u003cbr\u003e\nWhen `polaris.config.allow.unstructured.table.location=false`, current code\nreview suggests the later `updateTableLike(...)` validation usually rejects\nout-of-tree metadata locations before the unsafe path is persisted. That may\nreduce the persisted / credential-vending variant, but it does not prevent\nthe\nunderlying defect: Polaris still skips the intended pre-write location check\nwhen only `write.metadata.path` changes.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In Apache Iceberg, the table\u0027s metadata files are control files: they tell readers\nwhich data files belong to the table and which table version to read.\n\n\n\n`write.metadata.path` is an optional table property that tells Polaris\nwhere to\nwrite those metadata files. \nFor a table already registered in a\nPolaris-managed\ncatalog, changing only that property through an `ALTER TABLE`-style settings\nchange (not a row-level `INSERT`, `SELECT`, `UPDATE`, or `DELETE`) bypasses\nthe commit-time branch that is supposed to revalidate storage locations.\n\nThe full persisted / credential-vending variant requires the affected\ncatalog\nto have `polaris.config.allow.unstructured.table.location=true`, with\n`allowedLocations` broad enough to include the attacker-chosen target.\n\n\n`allowedLocations` is the admin-configured allowlist of storage paths that\nthe\ncatalog is allowed to use. Public project materials suggest that this flag\nis a\nreal supported compatibility / layout mode, not just a contrived lab-only\nprerequisite.\n\n\nIn that configuration, a user who can change table settings can cause Apache Polaris\nitself to write new table metadata to an attacker-chosen reachable storage\nlocation before the intended location-validation branch runs.\n\nIf the later concrete-path validation also accepts that location, Polaris\npersists the resulting metadata path into stored table state. Later\ntable-load\nand credential APIs can then return temporary cloud-storage credentials for\nthe\nsame location without revalidating it. In plain terms, Polaris can later\nhand\nout temporary storage access for the same attacker-chosen area.\n\nThat attacker-chosen area does not need to be limited to the poisoned\ntable\u0027s\nown files. If it is a broader storage prefix, another table\u0027s prefix, or,\ndepending on configuration or provider behavior, even a bucket/container\nroot,\nthe resulting disclosure or corruption scope can extend to any data and\nmetadata Polaris can reach there.\n\n\n\nThe practical consequences are therefore similar to the staged-create\ncredential-vending issue already discussed: data and metadata reachable in\nthat\nstorage scope can be exposed and, if write-capable credentials are later\nissued, modified, corrupted, or removed. Even before that later credential\nstep, Polaris itself performs the metadata write to the unchecked location.\n\nSo the core issue is not only later credential vending. \n\nThe primary defect\nis\nthat Polaris skips its intended location checks before performing a\nsecurity-\nsensitive metadata write when only `write.metadata.path` changes.\n\n\n\nWhen `polaris.config.allow.unstructured.table.location=false`, current code\nreview suggests the later `updateTableLike(...)` validation usually rejects\nout-of-tree metadata locations before the unsafe path is persisted. That may\nreduce the persisted / credential-vending variant, but it does not prevent\nthe\nunderlying defect: Polaris still skips the intended pre-write location check\nwhen only `write.metadata.path` changes."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T16:19:55.828Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/wxd2wj3p0smvrk84msv317wg5tp3jtw9"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Apache Polaris: No protection on `write.metadata.path`",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2026-42812",
"datePublished": "2026-05-04T16:19:55.828Z",
"dateReserved": "2026-04-30T14:36:55.718Z",
"dateUpdated": "2026-05-04T16:38:57.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-42812\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2026-05-04T17:16:26.887\",\"lastModified\":\"2026-05-04T17:16:26.887\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Apache Iceberg, the table\u0027s metadata files are control files: they tell readers\\nwhich data files belong to the table and which table version to read.\\n\\n\\n\\n`write.metadata.path` is an optional table property that tells Polaris\\nwhere to\\nwrite those metadata files. \\nFor a table already registered in a\\nPolaris-managed\\ncatalog, changing only that property through an `ALTER TABLE`-style settings\\nchange (not a row-level `INSERT`, `SELECT`, `UPDATE`, or `DELETE`) bypasses\\nthe commit-time branch that is supposed to revalidate storage locations.\\n\\nThe full persisted / credential-vending variant requires the affected\\ncatalog\\nto have `polaris.config.allow.unstructured.table.location=true`, with\\n`allowedLocations` broad enough to include the attacker-chosen target.\\n\\n\\n`allowedLocations` is the admin-configured allowlist of storage paths that\\nthe\\ncatalog is allowed to use. Public project materials suggest that this flag\\nis a\\nreal supported compatibility / layout mode, not just a contrived lab-only\\nprerequisite.\\n\\n\\nIn that configuration, a user who can change table settings can cause Apache Polaris\\nitself to write new table metadata to an attacker-chosen reachable storage\\nlocation before the intended location-validation branch runs.\\n\\nIf the later concrete-path validation also accepts that location, Polaris\\npersists the resulting metadata path into stored table state. Later\\ntable-load\\nand credential APIs can then return temporary cloud-storage credentials for\\nthe\\nsame location without revalidating it. In plain terms, Polaris can later\\nhand\\nout temporary storage access for the same attacker-chosen area.\\n\\nThat attacker-chosen area does not need to be limited to the poisoned\\ntable\u0027s\\nown files. If it is a broader storage prefix, another table\u0027s prefix, or,\\ndepending on configuration or provider behavior, even a bucket/container\\nroot,\\nthe resulting disclosure or corruption scope can extend to any data and\\nmetadata Polaris can reach there.\\n\\n\\n\\nThe practical consequences are therefore similar to the staged-create\\ncredential-vending issue already discussed: data and metadata reachable in\\nthat\\nstorage scope can be exposed and, if write-capable credentials are later\\nissued, modified, corrupted, or removed. Even before that later credential\\nstep, Polaris itself performs the metadata write to the unchecked location.\\n\\nSo the core issue is not only later credential vending. \\n\\nThe primary defect\\nis\\nthat Polaris skips its intended location checks before performing a\\nsecurity-\\nsensitive metadata write when only `write.metadata.path` changes.\\n\\n\\n\\nWhen `polaris.config.allow.unstructured.table.location=false`, current code\\nreview suggests the later `updateTableLike(...)` validation usually rejects\\nout-of-tree metadata locations before the unsafe path is persisted. That may\\nreduce the persisted / credential-vending variant, but it does not prevent\\nthe\\nunderlying defect: Polaris still skips the intended pre-write location check\\nwhen only `write.metadata.path` changes.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.4,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.9,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.1,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-284\"},{\"lang\":\"en\",\"value\":\"CWE-732\"},{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/wxd2wj3p0smvrk84msv317wg5tp3jtw9\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/05/02/13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/05/02/13\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-05-04T16:38:57.660Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-42812\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-04T16:31:28.354079Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-04T16:31:30.384Z\"}}], \"cna\": {\"title\": \"Apache Polaris: No protection on `write.metadata.path`\", \"source\": {\"discovery\": \"INTERNAL\"}, \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"important\"}}}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.4, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Polaris\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.4.1\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/wxd2wj3p0smvrk84msv317wg5tp3jtw9\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Apache Iceberg, the table\u0027s metadata files are control files: they tell readers\\nwhich data files belong to the table and which table version to read.\\n\\n\\n\\n`write.metadata.path` is an optional table property that tells Polaris\\nwhere to\\nwrite those metadata files. \\nFor a table already registered in a\\nPolaris-managed\\ncatalog, changing only that property through an `ALTER TABLE`-style settings\\nchange (not a row-level `INSERT`, `SELECT`, `UPDATE`, or `DELETE`) bypasses\\nthe commit-time branch that is supposed to revalidate storage locations.\\n\\nThe full persisted / credential-vending variant requires the affected\\ncatalog\\nto have `polaris.config.allow.unstructured.table.location=true`, with\\n`allowedLocations` broad enough to include the attacker-chosen target.\\n\\n\\n`allowedLocations` is the admin-configured allowlist of storage paths that\\nthe\\ncatalog is allowed to use. Public project materials suggest that this flag\\nis a\\nreal supported compatibility / layout mode, not just a contrived lab-only\\nprerequisite.\\n\\n\\nIn that configuration, a user who can change table settings can cause Apache Polaris\\nitself to write new table metadata to an attacker-chosen reachable storage\\nlocation before the intended location-validation branch runs.\\n\\nIf the later concrete-path validation also accepts that location, Polaris\\npersists the resulting metadata path into stored table state. Later\\ntable-load\\nand credential APIs can then return temporary cloud-storage credentials for\\nthe\\nsame location without revalidating it. In plain terms, Polaris can later\\nhand\\nout temporary storage access for the same attacker-chosen area.\\n\\nThat attacker-chosen area does not need to be limited to the poisoned\\ntable\u0027s\\nown files. If it is a broader storage prefix, another table\u0027s prefix, or,\\ndepending on configuration or provider behavior, even a bucket/container\\nroot,\\nthe resulting disclosure or corruption scope can extend to any data and\\nmetadata Polaris can reach there.\\n\\n\\n\\nThe practical consequences are therefore similar to the staged-create\\ncredential-vending issue already discussed: data and metadata reachable in\\nthat\\nstorage scope can be exposed and, if write-capable credentials are later\\nissued, modified, corrupted, or removed. Even before that later credential\\nstep, Polaris itself performs the metadata write to the unchecked location.\\n\\nSo the core issue is not only later credential vending. \\n\\nThe primary defect\\nis\\nthat Polaris skips its intended location checks before performing a\\nsecurity-\\nsensitive metadata write when only `write.metadata.path` changes.\\n\\n\\n\\nWhen `polaris.config.allow.unstructured.table.location=false`, current code\\nreview suggests the later `updateTableLike(...)` validation usually rejects\\nout-of-tree metadata locations before the unsafe path is persisted. That may\\nreduce the persisted / credential-vending variant, but it does not prevent\\nthe\\nunderlying defect: Polaris still skips the intended pre-write location check\\nwhen only `write.metadata.path` changes.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eIn Apache Iceberg, the table\u0027s metadata files are control files: they tell readers\\nwhich data files belong to the table and which table version to read.\\n\u003cbr\u003e\u003cbr\u003e\\n`write.metadata.path` is an optional table property that tells Polaris\\nwhere to\\nwrite those metadata files. \u003cbr\u003eFor a table already registered in a\\nPolaris-managed\\ncatalog, changing only that property through an `ALTER TABLE`-style settings\\nchange (not a row-level `INSERT`, `SELECT`, `UPDATE`, or `DELETE`) bypasses\\nthe commit-time branch that is supposed to revalidate storage locations.\\n\\nThe full persisted / credential-vending variant requires the affected\\ncatalog\\nto have `polaris.config.allow.unstructured.table.location=true`, with\\n`allowedLocations` broad enough to include the attacker-chosen target.\\n\u003cbr\u003e\u003cbr\u003e`allowedLocations` is the admin-configured allowlist of storage paths that\\nthe\\ncatalog is allowed to use. Public project materials suggest that this flag\\nis a\\nreal supported compatibility / layout mode, not just a contrived lab-only\\nprerequisite.\\n\u003cbr\u003e\\nIn that configuration, a user who can change table settings can cause Apache Polaris\\nitself to write new table metadata to an attacker-chosen reachable storage\\nlocation before the intended location-validation branch runs.\\n\\nIf the later concrete-path validation also accepts that location, Polaris\\npersists the resulting metadata path into stored table state. Later\\ntable-load\\nand credential APIs can then return temporary cloud-storage credentials for\\nthe\\nsame location without revalidating it. In plain terms, Polaris can later\\nhand\\nout temporary storage access for the same attacker-chosen area.\\n\\nThat attacker-chosen area does not need to be limited to the poisoned\\ntable\u0027s\\nown files. If it is a broader storage prefix, another table\u0027s prefix, or,\\ndepending on configuration or provider behavior, even a bucket/container\\nroot,\\nthe resulting disclosure or corruption scope can extend to any data and\\nmetadata Polaris can reach there.\\n\u003cbr\u003e\u003cbr\u003e\\nThe practical consequences are therefore similar to the staged-create\\ncredential-vending issue already discussed: data and metadata reachable in\\nthat\\nstorage scope can be exposed and, if write-capable credentials are later\\nissued, modified, corrupted, or removed. Even before that later credential\\nstep, Polaris itself performs the metadata write to the unchecked location.\\n\\nSo the core issue is not only later credential vending. \u003cbr\u003e\u003cbr\u003eThe primary defect\\nis\\nthat Polaris skips its intended location checks before performing a\\nsecurity-\\nsensitive metadata write when only `write.metadata.path` changes.\\n\u003cbr\u003e\u003cbr\u003e\\nWhen `polaris.config.allow.unstructured.table.location=false`, current code\\nreview suggests the later `updateTableLike(...)` validation usually rejects\\nout-of-tree metadata locations before the unsafe path is persisted. That may\\nreduce the persisted / credential-vending variant, but it does not prevent\\nthe\\nunderlying defect: Polaris still skips the intended pre-write location check\\nwhen only `write.metadata.path` changes.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863 Incorrect Authorization\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284 Improper Access Control\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-732\", \"description\": \"CWE-732 Incorrect Permission Assignment for Critical Resource\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2026-05-04T16:19:55.828Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-42812\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-04T16:38:57.660Z\", \"dateReserved\": \"2026-04-30T14:36:55.718Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2026-05-04T16:19:55.828Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…