File Reading Vulnerability in Metabase by Metabase, Inc.
CVE-2026-50147
7.6HIGH
What is CVE-2026-50147?
An issue in Metabase allows attackers to read arbitrary files from the server's filesystem by exploiting improper handling of JDBC parameters in database connections. This vulnerability affects various versions of the Metabase tool, enabling unauthorized access to sensitive files. By manipulating MySQL or MariaDB connections, attackers can retrieve internal data through error messages or direct queries from the affected database.
Affected Version(s)
metabase >= 1.57.0, < 1.57.19.1 < 1.57.0, 1.57.19.1
metabase >= 1.58.0, < 1.58.14.1 < 1.58.0, 1.58.14.1
metabase >= 1.59.0, < 1.59.10 < 1.59.0, 1.59.10
