CVE-2026-27464
- Source
- https://cve.org/CVERecord?id=CVE-2026-27464
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27464.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-27464
- Aliases
-
- GHSA-vcj8-rcm8-gfj9
- Published
- 2026-02-21T07:57:50.957Z
- Modified
- 2026-02-24T03:06:26.130783Z
- Severity
-
- 7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
- Summary
- Metabase: Server-Side Template Injection via Notifications Endpoint Leads to RCE
- Details
-
Metabase is an open-source data analytics platform. In versions prior to 0.57.13 and versions 0.58.x through 0.58.6, authenticated users are able to retrieve sensitive information from a Metabase instance, including database access credentials. During testing, it was confirmed that a low-privileged user can extract sensitive information including database credentials, into the email body via template evaluation. This issue has been fixed in versions 0.57.13 and 0.58.7. To workaround this issue, users can disable notifications in their Metabase instance to disallow access to the vulnerable endpoints.
- Database specific
{ "cwe_ids": [ "CWE-1336", "CWE-94" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27464.json", "cna_assigner": "GitHub_M" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27464.json
- https://github.com/metabase/metabase/releases/tag/v0.57.13
- https://github.com/metabase/metabase/releases/tag/v0.58.7
- https://github.com/metabase/metabase/security/advisories/GHSA-vcj8-rcm8-gfj9
- https://nvd.nist.gov/vuln/detail/CVE-2026-27464
Affected packages
Git / github.com/metabase/metabase
Affected ranges
Affected versions
0.*
0.10.3
0.34.0-rc1
Other
beta-ee
beta-oss
blah
embedding-sdk-57-stable
rm
v20150601-alpha
v20150603-alpha
v20150604-alpha
embedding-sdk-0.*
embedding-sdk-0.1.0
embedding-sdk-0.1.10
embedding-sdk-0.1.11
embedding-sdk-0.1.12
embedding-sdk-0.1.13
embedding-sdk-0.1.14
embedding-sdk-0.1.15
embedding-sdk-0.1.16
embedding-sdk-0.1.17
embedding-sdk-0.1.18
embedding-sdk-0.1.19
embedding-sdk-0.1.2
embedding-sdk-0.1.20
embedding-sdk-0.1.21
embedding-sdk-0.1.22
embedding-sdk-0.1.23
embedding-sdk-0.1.24
embedding-sdk-0.1.25
embedding-sdk-0.1.26
embedding-sdk-0.1.27
embedding-sdk-0.1.28
embedding-sdk-0.1.29
embedding-sdk-0.1.30
embedding-sdk-0.1.31
embedding-sdk-0.1.32
embedding-sdk-0.1.33
embedding-sdk-0.1.34
embedding-sdk-0.1.35
embedding-sdk-0.1.36
embedding-sdk-0.1.37
embedding-sdk-0.1.38
embedding-sdk-0.1.4
embedding-sdk-0.1.5
embedding-sdk-0.1.6
embedding-sdk-0.1.7
embedding-sdk-0.1.8
embedding-sdk-0.1.9
embedding-sdk-0.52.1-nightly
embedding-sdk-0.52.2-nightly
embedding-sdk-0.52.3-nightly
embedding-sdk-0.52.4-nightly
embedding-sdk-0.53.1-nightly
embedding-sdk-0.54.1-nightly
embedding-sdk-0.54.2-nightly
embedding-sdk-0.54.3-nightly
embedding-sdk-0.55.1-nightly
embedding-sdk-0.57.0
embedding-sdk-0.57.0-alpha.0
embedding-sdk-0.57.0-alpha.1
embedding-sdk-0.57.0-alpha.2
embedding-sdk-0.57.0-alpha.3
embedding-sdk-0.57.0-beta.0
embedding-sdk-0.57.0-beta.1
embedding-sdk-1.*
embedding-sdk-1.52.1
prettier-1.*
prettier-1.17.0-package
release-0.*
release-0.32.2
v0.*
v0.10.0
v0.10.3
v0.10.4
v0.10.4.1
v0.11.0
v0.11.1
v0.11.2
v0.11.3
v0.12.0
v0.12.0-test
v0.12.1
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.1
v0.15.0
v0.15.1
v0.16.0
v0.16.1
v0.17.0
v0.17.1
v0.18.0
v0.18.1
v0.19.0
v0.19.1
v0.19.2
v0.19.3
v0.20.0
v0.20.1
v0.20.2
v0.20.3
v0.21.0
v0.21.0-rc2
v0.21.0-rc3
v0.21.1
v0.22.0
v0.22.1
v0.23.0
v0.23.0.RC2
v0.23.0.RC3
v0.23.0.RC4
v0.23.1
v0.24.0
v0.24.0.RC1
v0.24.0.RC2
v0.24.0.RC3
v0.24.0.RC4
v0.24.1
v0.24.2
v0.25.0
v0.25.0.RC1
v0.25.0.RC2
v0.26.0
v0.26.0.RC1
v0.26.0.RC2
v0.26.1
v0.28.0
v0.28.0-RC
v0.28.0-RC2
v0.28.0-RC3
v0.28.0.RC1
v0.28.1
v0.29.0
v0.29.0-RC1
v0.29.1
v0.29.2
v0.29.3
v0.30.0
v0.30.0-rc
v0.30.1
v0.30.2
v0.30.3
v0.30.4
v0.31.0
v0.31.0-RC1
v0.31.1
v0.31.2
v0.32.0
v0.32.0-RC1
v0.32.0-RC2
v0.32.1
v0.32.2
v0.32.3
v0.32.4
v0.32.5
v0.32.6
v0.32.7
v0.32.8
v0.33.0
v0.33.0-RC1
v0.33.1
v0.33.2
v0.33.3
v0.33.4
v0.33.5
v0.33.5.1
v0.33.6
v0.33.7
v0.33.7.1
v0.33.7.2
v0.33.7.3
v0.34.0
v0.34.1
v0.34.1-rc-test
v0.34.2
v0.34.3
v0.35.0
v0.35.0-rc1
v0.35.0-rc2
v0.35.1
v0.35.2
v0.35.3
v0.35.4
v0.36.0
v0.36.0-rc1
v0.36.0-snapshot
v0.36.1
v0.36.2
v0.36.3
v0.36.4
v0.36.5
v0.36.5.1
v0.36.6
v0.36.7
v0.36.8
v0.36.8.1
v0.37.0
v0.37.0-rc2
v0.37.0.1
v0.37.0.2
v0.37.1
v0.37.2
v0.37.3
v0.37.4
v0.37.5
v0.37.6
v0.37.7
v0.37.8
v0.38.0
v0.38.0-preview
v0.38.0-rc1
v0.38.0-rc2
v0.38.0-rc3
v0.38.0-rc4
v0.38.0-rc5
v0.38.0.1
v0.38.1
v0.38.2
v0.38.3
v0.38.4
v0.39.0
v0.39.0-rc1
v0.39.0-rc2
v0.39.0.1
v0.39.1
v0.39.2
v0.39.3
v0.39.4
v0.40.0
v0.40.0-rc1-dan
v0.40.0-rc2
v0.41.0-RC1
v0.42.0-preview1
v0.43.0-rc1
v0.44.0-RC1
v0.45.0-RC1
v0.45.0-RC2
v0.47.0-RC1
v0.48.0-RC1
v0.52.0-beta
v0.55.0-beta
v0.57.0-beta
v0.57.1
v0.57.1.1
v0.57.1.x
v0.57.10
v0.57.10.1
v0.57.10.2
v0.57.10.3
v0.57.10.4
v0.57.10.5
v0.57.10.6
v0.57.10.7
v0.57.10.x
v0.57.11
v0.57.11.1
v0.57.11.x
v0.57.12
v0.57.12.x
v0.57.2
v0.57.2.1
v0.57.2.2
v0.57.2.3
v0.57.2.4
v0.57.2.5
v0.57.2.6
v0.57.2.7
v0.57.2.x
v0.57.3
v0.57.3.1
v0.57.3.2
v0.57.3.3
v0.57.3.x
v0.57.4
v0.57.4.1
v0.57.4.2
v0.57.4.3
v0.57.4.4
v0.57.4.x
v0.57.5
v0.57.5.1
v0.57.5.2
v0.57.5.3
v0.57.5.4
v0.57.5.5
v0.57.5.6
v0.57.5.7
v0.57.5.8
v0.57.5.9
v0.57.5.x
v0.57.6
v0.57.6.1
v0.57.6.2
v0.57.6.3
v0.57.6.x
v0.57.7
v0.57.7.1
v0.57.7.10
v0.57.7.11
v0.57.7.12
v0.57.7.13
v0.57.7.14
v0.57.7.15
v0.57.7.16
v0.57.7.2
v0.57.7.3
v0.57.7.4
v0.57.7.5
v0.57.7.6
v0.57.7.7
v0.57.7.8
v0.57.7.9
v0.57.7.x
v0.57.8
v0.57.8.1
v0.57.8.2
v0.57.8.x
v0.57.9
v0.57.9.1
v0.57.9.2
v0.57.9.3
v0.57.9.4
v0.57.9.x
v0.57.x
v0.58.7.2
v0.9-final
v0.9.1
v0.9.2
v0.9.3
v1.*
v1.37.0.2
v1.37.1
v1.37.1.1
v1.37.1.2
v1.37.2
v1.37.3
v1.37.4
v1.37.5
v1.37.6
v1.37.7
v1.37.8
v1.38.0
v1.38.0.1
v1.38.1
v1.38.1-migration
v1.38.2
v1.38.3
v1.38.4
v1.39.0
v1.39.0.1
v1.39.1
v1.39.2
v1.39.3
v1.39.4
v1.40.0
v1.40.0-rc2
v1.41.0-RC1
v1.42.0-preview1
v1.42.0-rc2
v1.43.0-rc1
v1.44.0-RC1
v1.45.0-RC1
v1.45.0-RC2
v1.47.0-RC1
v1.48.0-RC1
v1.52.0-beta