Skip to main content

CVE-2026-34214

| EUVDEUVD-2026-17459 HIGH
Improper Removal of Sensitive Information Before Storage or Transfer (CWE-212)
2026-03-29 https://github.com/trinodb/trino GHSA-x27p-5f68-m644
7.7
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.7 HIGH
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 29, 2026 - 15:30 euvd
EUVD-2026-17459
Analysis Generated
Mar 29, 2026 - 15:30 vuln.today
CVE Published
Mar 29, 2026 - 15:13 nvd
HIGH 7.7

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 1 maven packages depend on io.trino:trino-iceberg (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 439.

DescriptionGitHub Advisory

Summary

Iceberg connector REST catalog static credentials (access key) or vended credentials (temporary access key) are accessible to users that have write privilege on SQL level.

Details

Iceberg REST catalog typically needs access to object storage. This access can be configured in multiple different ways. When storage access is achieved by static credentials (e.g. AWS S3 access key) or vended credentials (temporary access key).

Query JSON is a query visualization and performance troubleshooting facility. It includes serialized query plan and handles for table writes or execution of table procedures. A user that submitted a query has access to query JSON for their query. Query JSON is available from Trino UI or via /ui/api/query/«query_id» and /v1/query/«query_id» endpoints.

The storage credentials are stored in those handles when performing write operations, or table maintenance operations. They are serialized in query JSON. A user with write access to data in Iceberg connector configured to use REST Catalog with static or vended credentials can retrieve those credentials.

Impact

Anyone using Iceberg REST catalog with static or vended credentials is impacted. The credentials should be considered compromised. Vended credentials are temporary in nature so they do not need to be rotated. However, underlying data could have been exposed.

AnalysisAI

Trino's Iceberg connector leaks AWS S3 access credentials through query JSON endpoints, allowing authenticated users with write privileges to extract static or temporary credentials used for object storage access. The vulnerability exposes credentials via the query visualization API (/ui/api/query/ and /v1/query/ endpoints) when users perform write or table maintenance operations. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as user with SQL write privilege
Exploit
Access Iceberg REST catalog configuration
Execution
Extract static or vended credentials from query JSON
Impact
Use credentials to access object storage

Vulnerability AssessmentAI

Exploitation Requires Iceberg connector REST catalog configured with static AWS S3 credentials or temporary vended credentials for object storage access. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This vulnerability presents moderate-to-high real-world risk despite the 7.7 CVSS score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated Trino user with write privileges on Iceberg tables initiates a routine INSERT operation or table maintenance procedure such as OPTIMIZE or DELETE. After query completion, the attacker accesses their own query details via the Trino web UI or directly calls the /v1/query/[query_id] REST endpoint using their valid session credentials. …
Remediation Vendor-released patch: version 480. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: inventory all Trino deployments using Iceberg connectors and identify which systems expose /ui/api/query/ or /v1/query/ endpoints. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-34214 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy