Critical (9.9)

Polaris bucket-wide credential leak (CVE-2026-42811)

CVE-2026-42811

CVE-2026-42811: Apache Polaris 1.4.0 GCS credential bypass lets attackers gain bucket-wide access via crafted table names. Update to 1.5.0 or apply the patch from the Apache advisory.

Patch now - CVE-2026-42811 is a critical credential-broadening vulnerability in Apache Polaris 1.4.0 that lets an attacker with low privileges obtain temporary Google Cloud Storage credentials valid across an entire bucket rather than just the authorized table’s files. Patched in Polaris 1.5.0 - update immediately.

Overview

Apache Polaris, an open-source catalog for Apache Iceberg, issues short-lived Google Cloud Storage (GCS) credentials intended to restrict access to a single table’s storage path. It builds these credentials by constructing a Credential Access Boundary (CAB) using Common Expression Language (CEL) conditions that embed the table path from namespace and table identifiers. The vulnerability arises because the table path is inserted directly into the CEL expression without any escaping or sanitization.

An attacker with low privileges who can create or rename a namespace or table with a crafted name containing a single quote (') and URI-safe CEL fragments can break out of the intended quoted string in the CEL condition. In confirmed testing against Polaris 1.4.0 on real GCS, a crafted table name caused the path restriction to collapse entirely, making the delegated credentials effectively bucket-wide. The attacker could then list objects under any table’s prefix, read and write Iceberg metadata files, and create or delete objects under unrelated prefixes within the same configured bucket.

This is not merely a “cross-table” bypass - the credentials grant full read and write access to the entire bucket, including objects outside any table’s scope. While the issue was confirmed only with a Polaris principal holding broad catalog privileges, the credential-broadening behavior itself is a direct result of the unescaped CEL construction and is not dependent on RBAC permissions.

CVSS: 9.9 (Critical)

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE

Affected Versions

  • Apache Polaris 1.4.0 and earlier
  • Other cloud storage backends have not yet been tested; the GCS integration is confirmed vulnerable

Remediation

Immediate Action: Upgrade to Apache Polaris 1.5.0, which includes a fix that properly escapes namespace and table identifiers before inserting them into CEL conditions. Download the latest release from the Apache Polaris downloads page.

Mitigation (if upgrade is not immediately possible):

  • Restrict namespace and table creation privileges to trusted administrators only
  • Validate that no existing namespaces or tables contain single quotes or CEL special characters in their names
  • Monitor GCS bucket access logs for anomalous credential usage patterns - look for multiple object prefixes being accessed by a single set of temporary credentials
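To make the fix and the mitigation check concrete, here is an added Python sketch; it is not Polaris's own (Java) code. It contrasts the unescaped CAB condition builder described above with one that escapes the path as a CEL string literal, and adds the allowlist scan an operator can run over existing namespace and table names. The exact CEL condition shape and the safe-character class are this example's assumptions.

```python
import re

# Assumed shape of the CAB availability condition (the advisory does not print it):
#   resource.name.startsWith('projects/_/buckets/<bucket>/objects/<table prefix>')
CONDITION = "resource.name.startsWith({literal})"


def table_prefix(namespace: list[str], table: str) -> str:
    """Object prefix for one table: namespace levels joined by '/', then the table."""
    return "/".join(namespace + [table]) + "/"


def cel_condition_unescaped(bucket: str, namespace: list[str], table: str) -> str:
    """Vulnerable shape from the advisory: identifiers concatenated straight into the CEL string."""
    path = f"projects/_/buckets/{bucket}/objects/{table_prefix(namespace, table)}"
    return CONDITION.format(literal=f"'{path}'")


def cel_string_literal(value: str) -> str:
    """Emit a CEL single-quoted literal; backslash, quote and newline are escaped so
    the literal closes exactly where the builder placed its closing quote."""
    escaped = value.replace("\\", "\\\\").replace("'", "\\'").replace("\n", "\\n")
    return f"'{escaped}'"


def cel_condition_escaped(bucket: str, namespace: list[str], table: str) -> str:
    """Hardened builder: the whole path goes through cel_string_literal()."""
    path = f"projects/_/buckets/{bucket}/objects/{table_prefix(namespace, table)}"
    return CONDITION.format(literal=cel_string_literal(path))


def unescaped_quote_count(expr: str) -> int:
    """Count quotes that delimit literals (a backslash escapes the next character).
    A condition wrapping a single path literal must contain exactly two."""
    count, i = 0, 0
    while i < len(expr):
        if expr[i] == "\\":
            i += 2
            continue
        count += expr[i] == "'"
        i += 1
    return count


# Allowlist for the mitigation step: names that cannot carry quotes or CEL syntax.
# The character class is this example's assumption, not a Polaris rule.
SAFE_IDENTIFIER = re.compile(r"[A-Za-z0-9_.\-]+")


def audit_identifiers(names: list[str]) -> list[str]:
    """Return the existing namespace/table names an operator should inspect."""
    return [n for n in names if not SAFE_IDENTIFIER.fullmatch(n)]
```

For benign names both builders emit the same condition; the difference only appears once a name carries a quote, which is exactly the case the audit flags.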

Security Insight

This vulnerability is a textbook example of injection in an unexpected context - cloud authorization policies rather than SQL or OS commands. It mirrors past incidents where Kubernetes RBAC bypasses occurred through crafted resource names, and underscores a broader pattern: as cloud-native systems adopt policy-as-code languages like CEL or OPA’s Rego, input sanitization must extend to every place user-controlled values touch policy expressions. Apache Polaris’s fix should serve as a cautionary template for any system that programmatically generates cloud credential boundaries from user-supplied identifiers.
