Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
9Blast Radius
ecosystem impact- 5 maven packages depend on org.apache.polaris:polaris-runtime-service (5 direct, 0 indirect)
Ecosystem-wide dependent count for version 1.4.1.
DescriptionCVE.org
Apache Polaris can issue broad temporary ("vended") storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation becomes attacker- directed because the attacker can choose a reachable target location.
In the confirmed variant, if the caller supplies a custom location during stage create and requests credential vending, Apache Polaris uses that location to construct delegated storage credentials immediately. The stage-create path itself neither runs the normal location validation nor the overlap checks before those credentials are issued.
Closely related to that, the staged-create flow also accepts write.data.path / write.metadata.path in the request properties and feeds those location overrides into the same effective table location set used for credential vending. Those fields are secondary to the main custom-location exploit, but they are still attacker-influenced location inputs that should be validated before any credentials are issued.
AnalysisAI
Apache Polaris issues overly-permissive temporary storage credentials during staged table creation, allowing authenticated attackers to redirect vended credentials to attacker-controlled storage locations. The vulnerability stems from missing validation and overlap checks before credential issuance - attackers supply a custom 'location' parameter or 'write.data.path'/'write.metadata.path' properties that become effective immediately without verification. This enables unauthorized access to arbitrary storage resources beyond intended table boundaries, with CVSS 9.4 severity indicating high impact across confidentiality, integrity, and availability of both vulnerable and subsequent systems.
Technical ContextAI
Apache Polaris is a cloud-native catalog service for Apache Iceberg tables that manages metadata and issues temporary cloud storage credentials (likely AWS STS, Azure SAS, or GCP signed URLs) to limit data access scope. The vulnerability occurs in the staged table creation workflow where Polaris constructs delegated credentials using attacker-supplied location parameters before executing normal validation routines. This affects the credential vending mechanism that should enforce least-privilege access boundaries. The root cause is CWE-862 (Missing Authorization) - the system fails to verify authorization constraints on the storage location before issuing access tokens. The staged-create code path bypasses both location validation logic and overlap detection that would normally prevent credentials from accessing unintended storage prefixes or buckets.
RemediationAI
Apply the vendor-released patch detailed in Apache advisory https://lists.apache.org/thread/8tfsr8y7pgq6rdcvjx95hkcr47td671r immediately. Upgrade Apache Polaris to the fixed version specified in the advisory which implements proper location validation and overlap checks before credential issuance. Until patching is complete, implement these compensating controls: (1) Restrict Polaris user permissions to disable staged table creation functionality if not operationally required - this eliminates the vulnerable code path but prevents legitimate use of staging workflows; (2) Deploy cloud IAM boundary policies on the service account used by Polaris to limit maximum scope of vended credentials to known-good storage prefixes, reducing blast radius if exploitation occurs but may cause false positives for legitimate multi-bucket catalogs; (3) Enable detailed cloud storage access logging and monitor for credential usage patterns accessing unexpected buckets or paths outside normal table locations - adds detection capability but does not prevent exploitation. Review audit logs for suspicious staged table creation requests with custom location parameters between initial deployment and patch application.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27033
GHSA-8ggj-j522-h5qf