Critical (9.9)

Apache Polaris writes metadata to attacker-chosen path (CVE-2026-42812)

CVE-2026-42812

CVE-2026-42812 (CVSS 9.9): Apache Polaris skips storage-location checks on metadata writes, exposing reachable data and metadata. Patch to 1.3.1 or set `allow.unstructured.table.location=false`.

Patch now - CVE-2026-42812 is a critical metadata-path bypass in Apache Polaris (Polaris-based Iceberg catalog) that lets users with table-settings permissions write table metadata to an attacker-chosen storage location and later receive temporary credentials for that unauthorized area. Patched in Polaris 1.3.1; apply the update or the configuration mitigation immediately.

Overview

CVE-2026-42812 affects Apache Polaris when it catalogs tables that use the write.metadata.path table property. This property controls where a table’s metadata files are written — the control files that tell readers which data files belong to the table and which version of the table to read.

When an attacker with ALTER TABLE-style permissions changes only this property (not performing any row-level operations), the commit-time branch that revalidates storage locations is bypassed. Polaris proceeds to write metadata to the attacker-selected path without checking whether that location is permitted by the allowedLocations admin allowlist.

For the full credential-vending variant to work, the catalog must have polaris.config.allow.unstructured.table.location=true and allowedLocations must be broad enough to include the attacker’s chosen target. However, the core defect — skipping the pre-write location check when only write.metadata.path changes — exists regardless of that configuration.

Impact

An attacker who can change table settings can cause Polaris to:

  • Write table metadata to an attacker-controlled storage location (the primary defect — not just a credential leak)
  • Later receive temporary cloud-storage credentials scoped to that same unauthorized location
  • Potentially read, modify, or delete any data and metadata Polaris can reach at that location, including other tables’ prefixes or bucket roots depending on configuration

Severity is CRITICAL with a CVSS score of 9.9 (NETWORK, LOW complexity, LOW privileges required, NO user interaction).

Affected Versions

  • Apache Polaris (Polaris-managed Iceberg catalogs) versions prior to 1.3.1

Remediation

Immediate mitigation: Set polaris.config.allow.unstructured.table.location=false in your Polaris catalog configuration. This blocks the persisted, credential-vending variant of the attack path.

Complete fix: Upgrade to Polaris 1.3.1 or later, which enforces location validation before the metadata write occurs, even when only write.metadata.path changes.

Review allowedLocations: If you use broad path patterns in your storage allowlist (e.g., entire buckets), narrow them as much as possible to limit the blast radius of any similar bypass.
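The gap described in the Overview and the two remediations above, as an added illustration in Python that is not Apache Polaris code: a toy commit check in which the pre-fix branch only validates the metadata location on the data-mutation path, while the fixed branch validates the effective location on every commit. The policy that metadata must stay under the table's own base location when unstructured locations are disabled is an assumption of this model, as are the bucket names and the helper names.

```python
# Toy model of the location check from the advisory (constructed example).
METADATA_PATH_PROP = "write.metadata.path"  # table property named in the advisory


def under_prefix(location: str, prefixes: list[str]) -> bool:
    """Prefix match on a path boundary, so 'db/orders-evil' is not accepted
    by an allowlist entry of 'db/orders'."""
    loc = location.rstrip("/") + "/"
    return any(loc.startswith(p.rstrip("/") + "/") for p in prefixes)


def location_allowed(location: str, table_base: str,
                     allowed_locations: list[str], allow_unstructured: bool) -> bool:
    """Assumed policy: with unstructured locations disabled, metadata must stay
    under the table's own base location; otherwise any allowlisted prefix passes."""
    if not allow_unstructured:
        return under_prefix(location, [table_base])
    return under_prefix(location, allowed_locations)


def commit_vulnerable(updated_props: dict, data_mutation: bool, table_base: str,
                      allowed_locations: list[str], allow_unstructured: bool) -> bool:
    """Models the pre-1.3.1 behaviour: the location check lives only in the
    data-mutation branch, so a property-only change never reaches it."""
    new_path = updated_props.get(METADATA_PATH_PROP, table_base)
    if data_mutation:
        return location_allowed(new_path, table_base, allowed_locations, allow_unstructured)
    return True  # property-only commit: check skipped (the defect)


def commit_fixed(updated_props: dict, data_mutation: bool, table_base: str,
                 allowed_locations: list[str], allow_unstructured: bool) -> bool:
    """Models the fix: the effective metadata location is validated before any
    write, regardless of which operation produced the commit."""
    new_path = updated_props.get(METADATA_PATH_PROP, table_base)
    return location_allowed(new_path, table_base, allowed_locations, allow_unstructured)


if __name__ == "__main__":
    base = "s3://warehouse/db/orders"
    hostile = {METADATA_PATH_PROP: "s3://warehouse/db/payroll/metadata"}
    narrow = ["s3://warehouse/db/orders/"]
    print("pre-fix, narrow allowlist:", commit_vulnerable(hostile, False, base, narrow, True))
    print("fixed,   narrow allowlist:", commit_fixed(hostile, False, base, narrow, True))
    print("fixed,   bucket-wide allowlist:", commit_fixed(hostile, False, base, ["s3://warehouse/"], True))
    print("fixed,   unstructured disabled:", commit_fixed(hostile, False, base, ["s3://warehouse/"], False))
```

The last two lines of the demo show why both remediations matter: a bucket-wide allowlist still admits the foreign prefix even after the fix, whereas disabling unstructured locations confines metadata to the table's own base path.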

Security Insight

CVE-2026-42812 follows the pattern seen in CVE-2026-34197 against Apache ActiveMQ, where a catalog or broker control-plane operation bypasses validation that the equivalent data-plane operation would receive. The root cause is a recurring class of vulnerability in distributed storage systems: separating the validation logic for “configuration change” from “data mutation” creates a gap that attackers can exploit by choosing the operation that skips the check. For organizations using Iceberg catalogs, this underscores the importance of treating metadata-path controls as security boundaries, not merely as configuration conveniences.
