Apache Polaris flaws let low-privileged users mint bucket-wide GCS credentials
Apache disclosed two important-severity vulnerabilities in Apache Polaris, fixed in version 1.4.1, that can let an authenticated low-privileged user obtain overly broad temporary Google Cloud Storage credentials. In CVE-2026-42809, Polaris can vend delegated storage credentials during staged table creation before validating or reserving the requested location, allowing an attacker to supply a custom location and receive access to an attacker-chosen path. The staged-create flow also accepts write.data.path and write.metadata.path properties that can further influence the effective table location used for credential vending.
In CVE-2026-42811, Polaris incorrectly builds Credential Access Boundary CEL conditions for downscoped GCS credentials by inserting namespace and table-derived paths without escaping. Apache said a crafted namespace or table identifier can break out of the intended quoted string and collapse the path restriction, causing credentials meant for one table to work across the configured bucket. Private testing against Polaris 1.4.0 on real GCS showed the returned credentials could list, read, create, and delete objects under other table prefixes and unrelated external prefixes in the same bucket, making the practical impact effectively bucket-wide access within that bucket.
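The escaping defect behind CVE-2026-42811 is the familiar one of concatenating untrusted identifiers into a quoted literal. The following is an added example, not Polaris's own code: it builds a GCS access-boundary condition in the standard resource.name.startsWith("projects/_/buckets/.../objects/...") form, places a naive string-concatenation builder beside one that escapes the literal, and checks that the resulting condition still contains exactly one well-formed string literal. The namespace/table prefix layout is an assumption for illustration.

```python
import re

# C-style escapes accepted inside a CEL double-quoted string literal.
_ESCAPES = {"\\": "\\\\", '"': '\\"', "\n": "\\n", "\r": "\\r", "\t": "\\t"}

# Expected shape: a single, properly escaped literal and nothing else.
_SHAPE = re.compile(r'^resource\.name\.startsWith\("((?:[^"\\]|\\.)*)"\)$')


def cel_quote(value: str) -> str:
    """Return value as a CEL string literal; every character that could
    terminate or alter the literal is escaped."""
    out = []
    for ch in value:
        if ch in _ESCAPES:
            out.append(_ESCAPES[ch])
        elif ord(ch) < 0x20 or ch == "\x7f":
            out.append("\\u%04x" % ord(ch))  # control chars as \uXXXX
        else:
            out.append(ch)
    return '"' + "".join(out) + '"'


def object_prefix(bucket: str, namespace: str, table: str) -> str:
    # Assumed layout: <bucket>/objects/<namespace>/<table>/ (illustrative only).
    return f"projects/_/buckets/{bucket}/objects/{namespace}/{table}/"


def build_naive(bucket: str, namespace: str, table: str) -> str:
    """Vulnerable shape: identifiers dropped straight into the quoted literal,
    so a quote character in an identifier ends the literal early."""
    return f'resource.name.startsWith("{object_prefix(bucket, namespace, table)}")'


def build_hardened(bucket: str, namespace: str, table: str) -> str:
    """Hardened shape: the whole prefix is emitted through cel_quote()."""
    return "resource.name.startsWith(" + cel_quote(object_prefix(bucket, namespace, table)) + ")"


def condition_is_single_literal(condition: str) -> bool:
    """Defensive check before vending: the condition must match the expected
    template with one intact literal, otherwise refuse to issue credentials."""
    return _SHAPE.fullmatch(condition) is not None
```

A guard like condition_is_single_literal() belongs in front of the token-exchange call, so a malformed boundary is rejected rather than sent to the STS endpoint.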
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Private testing confirms bucket-wide GCS access via CVE-2026-42811
Testing against Polaris 1.4.0 on real Google Cloud Storage confirmed that a crafted identifier could collapse path restrictions in delegated credentials. The returned credentials allowed listing, reading, creating, and deleting objects under other table prefixes and unrelated external prefixes in the same bucket.
Apache discloses CVE-2026-42811 affecting Polaris GCS credential scoping
Apache disclosed CVE-2026-42811, an important-severity vulnerability in Apache Polaris before version 1.4.1 involving Google Cloud Storage downscoped credentials. Crafted namespace or table identifiers could break the intended CEL-based restriction and broaden temporary credentials to effectively bucket-wide access within the configured bucket.
Apache discloses CVE-2026-42809 in Polaris staged table creation
Apache disclosed CVE-2026-42809, an important-severity flaw in Apache Polaris before version 1.4.1. An authenticated low-privileged user could abuse staged table creation to obtain broad temporary storage credentials for an attacker-chosen location before Polaris validates or reserves it.
Apache fixes Polaris credential-vending flaws in version 1.4.1
Apache states that vulnerabilities affecting Apache Polaris versions before 1.4.1 were fixed in release 1.4.1. The fixes address improper temporary storage credential scoping issues, including staged table creation abuse and GCS access-boundary manipulation.
Sources
CVE-2026-42811 - Apache Polaris: could broaden vended GCS credentials through unescaped identifier content in access-boundary CEL conditions (cvefeed.io)
oss-sec: CVE-2026-42809: Apache Polaris: An authenticated low-privileged user can abuse Polaris staged table creation to mint broad temporary storage credentials for an attacker-chosen location before Polaris validates that location (seclists.org)
oss-sec: CVE-2026-42811: Apache Polaris: In plain terms, Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. (seclists.org)