seclists.org ยท May 2, 2026 06:17 PM UTC

oss-sec: CVE-2026-42809: Apache Polaris: An authenticated low-privileged user can abuse Polaris staged table creation to mint broad temporary storage credentials for an attacker-chosen location before

Read full story on seclists.org
oss-sec: CVE-2026-42809: Apache Polaris: An authenticated low-privileged user can abuse Polaris staged table creation to mint broad temporary storage credentials for an attacker-chosen location before

Summary

Severity: important Affected versions: - Apache Polaris before 1.4.1 Description: Apache Polaris can issue broad temporary ("vended") storage credentials during...

Original reporting

Open original source

AFBytes is a read-only aggregator. Use the original source for full context and complete reporting.

Related coverage

Read full article on seclists.org