CVE-2026-34214

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-34214

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-34214.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-34214

Aliases

GHSA-x27p-5f68-m644

Related

CGA-ww5p-v89c-342v

Published

2026-03-31T14:14:47.982Z

Modified

2026-04-10T05:43:32.208010Z

Severity

7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON

Details

Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials (access key) or vended credentials (temporary access key) are accessible to users that have write privilege on SQL level. This issue has been patched in version 480.

Database specific

{
    "cwe_ids": [
        "CWE-212",
        "CWE-312"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/34xxx/CVE-2026-34214.json"
}

References

Affected packages

Git / github.com/trinodb/trino

Affected ranges

Type

GIT

Repo

https://github.com/trinodb/trino

Events

Introduced

089d8afb97086c59638ed2956913b869869c9661

Fixed

0ace945c7bbffa0d89b18cbae09151f4ae293c30

Database specific

{
    "versions": [
        {
            "introduced": "439"
        },
        {
            "fixed": "480"
        }
    ]
}

Affected versions

Other

439

440

441

442

443

444

445

446

447

448

449

450

451

452

453

454

455

457

458

459

460

461

462

463

464

465

466

467

468

469

470

471

472

473

474

475

476

477

477-test

477-test-1

478

479

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-34214.json"