Data Exposure Vulnerability in Metabase by Metabase
CVE-2026-27464
7.7HIGH
What is CVE-2026-27464?
Metabase, an open-source data analytics tool, presents a vulnerability in specific versions where authenticated users can access sensitive information, such as database access credentials. This occurs through template evaluation, allowing even low-privileged users to extract critical data in the email body. The issue affects versions prior to 0.57.13 and versions 0.58.x up to 0.58.6. Users are encouraged to upgrade to the latest versions (0.57.13 and 0.58.7) or disable notifications to prevent unauthorized access.
Affected Version(s)
metabase < 0.57.13 < 0.57.13
metabase >= 0.58.x, < 0.58.7 < 0.58.x, 0.58.7
