CVE Vulnerability in Metabase Affected by Unsafe H2 Connection Properties
CVE-2026-59826
9.1CRITICAL
What is CVE-2026-59826?
Metabase, an open-source business intelligence and analytics tool, experienced a significant vulnerability involving improper validation of H2 connection properties. Any authenticated administrator could register a malicious H2 database connection, leading to the potential execution of arbitrary Java code on the Metabase server. This vulnerability affects specific versions and is addressed in subsequent updates, enhancing the overall security of the platform.
Affected Version(s)
metabase >= 1.55.0, < 1.58.15.1 < 1.55.0, 1.58.15.1
metabase >= 1.59.0, < 1.59.12 < 1.59.0, 1.59.12
metabase >= 1.60.0, < 1.60.6.3 < 1.60.0, 1.60.6.3
