Severity: HIGH | CVE-2026-46481 | CNA: GitHub_M

CVE-2026-46481: OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users

OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in request.connection.config.password and the ingestion bot JWT in openMetadataServerConnection.securityConfig.jwtToken. The leaked ingestion-bot token can then be reused as Authorization: Bearer <jwt> to access sensitive service APIs with bot-level privileges. This issue has been patched in version 1.12.4.

Metrics

  • CVSS v3.1: 8.3
  • Severity: HIGH
  • Fixed in: 1.12.4
  • Affected Products: 1


HarborGuard Analysis

Synopsis

This is a sensitive-data exposure vulnerability in OpenMetadata, the unified metadata platform. Any authenticated non-admin SSO user can trigger a TEST_CONNECTION workflow and receive, in the HTTP 201 response, both the cleartext database password and the ingestion-bot JWT. With the leaked bot token, an attacker can impersonate the ingestion bot and call sensitive service APIs with bot-level privileges, enabling both data theft and unauthorized data modification. A patched-image rebuild at version 1.12.4 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection (Available)

Detection of CVE-2026-46481 is available across every HarborGuard environment. The CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including custom-built images that package OpenMetadata, across all connected registries and CI pipelines.

Triage (Available)

HarborGuard scores this finding at CVSS 8.3 (HIGH) and can weight it further against each environment's compliance policy to determine urgency. Triage routing to the appropriate team inbox within each customer organization is available as part of the standard policy-driven workflow.

Patch (Pending upstream)

A patched-image rebuild at OpenMetadata version 1.12.4 becomes available on HarborGuard for any environment where an affected image is detected. For customers who opt into auto-remediation, HarborGuard can perform the rebuild, run a regression test suite, and open a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the OpenMetadata API service over the network to send the crafted POST request to /api/v1/automations/workflows.

  • Authentication: Required

    Any low-privilege SSO account is sufficient; no admin or elevated role is required to trigger the vulnerable workflow.

  • Victim interaction: Not required

    No victim action is needed; the attacker triggers the workflow directly without involving another user.

  • Attack complexity: Low (CVSS AC:L)

    The exploit is reliable and condition-free, requiring only a valid low-privilege session and a single well-formed API request.

Blast Radius

  • The attacker reads the cleartext database password returned in the workflow response, gaining direct credential access to the underlying database service.
  • The attacker reads the ingestion-bot JWT and reuses it as a Bearer token to call any service API accessible to the bot, reading stored metadata, service definitions, and connection configs.
  • The attacker uses bot-level write access to modify or delete metadata records, lineage data, and service configurations persisted in OpenMetadata.
  • Service availability is partially degraded (CVSS A:L); an attacker with bot privileges can disrupt ingestion workflows or corrupt pipeline state, though full service crash is not guaranteed.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-46481 activates automatically when an OpenMetadata image below 1.12.4 appears in a scanned registry or pipeline. Because no fix was published at the time the CVE record was ingested, but 1.12.4 has since been identified as the patch release, a rebuilt image at 1.12.4 is available for affected environments. For customers who opt into auto-remediation, HarborGuard can trigger the rebuild, run a regression test pass, and open a pull request against affected workloads; the median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled. Where auto-remediation is not enabled, compensating controls worth considering while a rebuild is staged include: restricting access to the POST /api/v1/automations/workflows endpoint via network policy to admin-role identities only, applying egress filtering to prevent exfiltrated credentials from reaching external destinations, and auditing existing ingestion-bot JWT issuances to rotate any tokens that may already have been exposed.
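As an added illustration (not code from OpenMetadata or HarborGuard), the Python below flags and masks the two response fields named in the vulnerability description and referred to by the compensating controls above, using a sample TEST_CONNECTION workflow body constructed from the advisory's field paths; the host, username, password and token values are placeholders.

```python
import copy

# Dotted JSON paths of the two fields the advisory names as leaked.
LEAKED_PATHS = (
    "request.connection.config.password",
    "openMetadataServerConnection.securityConfig.jwtToken",
)
MASK = "***REDACTED***"

# Constructed sample of the HTTP 201 body shape the advisory describes; values are placeholders.
SAMPLE_RESPONSE = {
    "workflowType": "TEST_CONNECTION",
    "request": {"connection": {"config": {
        "hostPort": "db.example.internal:5432",
        "username": "openmetadata_user",
        "password": "placeholder-db-password",
    }}},
    "openMetadataServerConnection": {
        "securityConfig": {"jwtToken": "placeholder.jwt.token"},
    },
}

def _get(obj, keys):
    """Descend a nested dict along keys; return (found, value)."""
    for key in keys:
        if not isinstance(obj, dict) or key not in obj:
            return False, None
        obj = obj[key]
    return True, obj

def find_leaks(response):
    """Return the dotted paths of leaked fields carrying a non-empty value."""
    leaks = []
    for path in LEAKED_PATHS:
        found, value = _get(response, path.split("."))
        if found and value not in (None, "", MASK):
            leaks.append(path)
    return leaks

def redact(response):
    """Return a deep copy with the leaked fields masked; the input is untouched."""
    clean = copy.deepcopy(response)
    for path in LEAKED_PATHS:
        *parents, leaf = path.split(".")
        found, parent = _get(clean, parents)
        if found and isinstance(parent, dict) and leaf in parent:
            parent[leaf] = MASK
    return clean
```

Running find_leaks against workflow responses recorded for non-admin principals on a pre-1.12.4 deployment tells you which database passwords and bot tokens to treat as exposed and rotate.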

Affected packages

  • open-metadata / OpenMetadata: < 1.12.4

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L