Polaris leaks broad cloud credentials (CVE-2026-42809)
CVE-2026-42809: Apache Polaris 0.3.x issues temporary storage credentials for a staged table's location before validating that location (CVSS 9.9). Any authenticated user who can create tables can obtain credentials for any S3/GCS path the storage identity Polaris assumes is able to reach. Update to 0.3.1.
Patch now: CVE-2026-42809 is a critical credential-theft flaw in Apache Polaris 0.3.x that lets a low-privileged, authenticated user obtain vended credentials for attacker-chosen cloud storage locations through the staged table creation flow.
Overview
CVE-2026-42809 is a logic flaw in Apache Polaris’s credential vending mechanism. When a user creates a staged table and provides a custom location parameter, the system issues vended storage credentials (temporary tokens for S3/GCS) before validating that the location is within allowed boundaries. An attacker can supply an arbitrary storage path, such as a different customer’s bucket or a sensitive internal prefix, and receive credentials scoped to that attacker-chosen location.
The same unchecked handling applies to the write.data.path and write.metadata.path table properties, so a single create request has three independent fields through which an attacker-chosen path can reach the credential vending step.
Impact
A low-privileged attacker can exfiltrate or overwrite any data stored in cloud object stores that the Polaris service account can reach. In multi-tenant deployments, this crosses tenant isolation boundaries, allowing unauthorized access to another tenant’s tables and metadata.
CVSS 9.9 (Critical) reflects network-reachable, low-complexity exploitation that needs only low privileges (a user permitted to create tables) and no user interaction, with an impact that crosses tenant boundaries. The ceiling on the blast radius is the permission set of the IAM role or service account Polaris assumes: a downscoped storage token can narrow that role's permissions but never widen them, so a role granted access to only the catalog's own buckets bounds what even an attacker-chosen location can reach.
Remediation
Upgrade to Apache Polaris 0.3.1 immediately. This release adds location validation and overlap checks before credentials are issued for staged table creation.
If upgrading is not immediately possible, reject or strip the location, write.data.path and write.metadata.path fields on create-table requests at your API gateway, and tighten the IAM role or service account Polaris assumes to the buckets and prefixes the catalog legitimately manages. Egress firewall rules on the Polaris server do not help here: the vended credential is used by the attacker's own client, not by Polaris. Monitor audit logs for create-table requests that set stage-create and carry any of those three fields, especially from principals that do not normally supply a custom location.
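The ordering problem described in the Overview and the interim controls above, as an added example that is not Apache Polaris code: a small Python model of credential vending with the vulnerable ordering beside the fixed one (boundary and overlap checks before anything is minted), plus a scan of constructed audit log lines for the staged create-table requests worth triaging. CatalogConfig, vend_vulnerable, vend_fixed, location_violations, scan_audit_log, the bucket names and the log format are illustrative assumptions; stage-create and the three property names are the request fields the advisory refers to.

```python
"""Added example, not Apache Polaris code: vulnerable vs fixed vending order for a
staged table create, and an audit-log scan. Names, buckets and log format are assumed."""
import json
import secrets
from dataclasses import dataclass
from urllib.parse import urlparse

# The three user-controlled location inputs the advisory names.
LOCATION_KEYS = ("location", "write.data.path", "write.metadata.path")

@dataclass(frozen=True)
class CatalogConfig:
    allowed_bases: tuple  # base URIs this catalog may vend credentials for

def normalize(uri: str) -> str:
    """Canonical form for prefix checks: s3/gs scheme, lower-cased bucket,
    empty and '.' segments dropped; '..' is rejected rather than resolved."""
    p = urlparse(uri)
    if p.scheme not in ("s3", "gs") or not p.netloc:
        raise ValueError(f"unsupported storage URI: {uri!r}")
    segs = []
    for seg in p.path.split("/"):
        if seg == "..":
            raise ValueError(f"path traversal rejected: {uri!r}")
        if seg not in ("", "."):
            segs.append(seg)
    return f"{p.scheme}://{p.netloc.lower()}/" + "/".join(segs)

def is_within(location: str, base: str) -> bool:
    """Segment-aware containment: s3://b/data-evil is not within s3://b/data."""
    loc, b = normalize(location), normalize(base)
    return loc == b or loc.startswith(b.rstrip("/") + "/")

def overlaps(a: str, b: str) -> bool:
    return is_within(a, b) or is_within(b, a)

def location_violations(props: dict, cfg: CatalogConfig, existing: tuple) -> list:
    """Reasons to refuse the request; empty means every location input lies
    inside the catalog boundary and overlaps no existing table location."""
    problems = []
    for key in LOCATION_KEYS:
        if key not in props:
            continue
        loc = props[key]
        try:
            if not any(is_within(loc, base) for base in cfg.allowed_bases):
                problems.append(f"{key}={loc}: outside catalog boundary")
            problems += [f"{key}={loc}: overlaps table at {t}"
                         for t in existing if overlaps(loc, t)]
        except ValueError as err:
            problems.append(f"{key}={loc}: {err}")
    return problems

def issue_scoped_credential(location: str) -> dict:
    """Stand-in for an STS/GCS downscoped-token call (assumed): the token is
    bound to whatever prefix it is asked for, so the caller must be checked first."""
    return {"scoped_to": location, "token": secrets.token_hex(8)}

def vend_vulnerable(props: dict, cfg: CatalogConfig, existing: tuple) -> list:
    """Pre-fix ordering: mint for the caller's path, validate afterwards.
    A late check cannot take back a credential the client already holds."""
    creds = [issue_scoped_credential(props[k]) for k in LOCATION_KEYS if k in props]
    location_violations(props, cfg, existing)  # result ignored: too late to matter
    return creds

def vend_fixed(props: dict, cfg: CatalogConfig, existing: tuple) -> list:
    """Fixed ordering: bind and validate every location before minting."""
    problems = location_violations(props, cfg, existing)
    if problems:
        raise PermissionError("; ".join(problems))
    return [issue_scoped_credential(props[k]) for k in LOCATION_KEYS if k in props]

# Constructed audit log (assumed gateway format, one JSON object per line) of
# create-table calls; "stage-create" is the Iceberg REST request field.
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    {"principal": "analyst", "method": "POST", "path": "/v1/acct/namespaces/sales/tables",
     "body": {"name": "orders", "stage-create": True}},
    {"principal": "svc-etl", "method": "POST", "path": "/v1/acct/namespaces/sales/tables",
     "body": {"name": "t2", "stage-create": True,
              "location": "s3://tenant-a-bucket/warehouse/sales/t2"}},
    {"principal": "guest42", "method": "POST", "path": "/v1/acct/namespaces/sales/tables",
     "body": {"name": "t3", "stage-create": True,
              "properties": {"write.data.path": "s3://tenant-b-bucket/private/"}}},
])

def scan_audit_log(log_text: str, cfg: CatalogConfig) -> list:
    """Flag staged create-table requests whose location inputs leave the
    catalog boundary; returns (principal, reasons) pairs for triage."""
    hits = []
    for line in log_text.splitlines():
        ev = json.loads(line)
        body = ev.get("body", {})
        if (ev.get("method") != "POST" or not ev.get("path", "").endswith("/tables")
                or not body.get("stage-create")):
            continue
        props = dict(body.get("properties", {}))  # write.data.path etc. live here
        if "location" in body:                     # top-level request field
            props["location"] = body["location"]
        reasons = location_violations(props, cfg, ())
        if reasons:
            hits.append((ev.get("principal"), reasons))
    return hits
```

The containment check is segment-aware on purpose: a plain string prefix test would accept s3://tenant-a-bucket/warehouse-evil/t as being under s3://tenant-a-bucket/warehouse, and a check that resolves rather than rejects `..` invites the same escape by another route. The scan deliberately reuses the same boundary logic as the fix, so a hit in the log is exactly a request the patched server would have refused.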
Security Insight
CVE-2026-42809 follows the same pattern as Apache ActiveMQ CVE-2026-34197: a validation gap at configuration time, of a kind attackers have learned to look for. When a service uses its own storage identity to mint credentials for a path it has not validated, the result is a confused-deputy attack on the cloud storage plane: the caller never needed access to the bucket, only the ability to ask Polaris for it. The fix addresses the immediate symptom, but an architecture that vends credentials before binding the location merits a deeper review across Apache's other storage-oriented projects.