CVE-2026-22805

Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create subscriptions could be potentially impacted if their Metabase is colocated with other unsecured resources. This vulnerability is fixed in 55.13, 56.3, and 57.1.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/metabase/metabase/security/advisories/GHSA-2wgg-7r2p-cmqx	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:metabase:metabase:::::-:::*
	cpe:2.3:a:metabase:metabase:::::enterprise:::*
	cpe:2.3:a:metabase:metabase:::::-:::*
	cpe:2.3:a:metabase:metabase:::::enterprise:::*
	cpe:2.3:a:metabase:metabase:0.57.0:beta:::-:::*
	cpe:2.3:a:metabase:metabase:1.57.0:beta:::enterprise:::*

History

10 Apr 2026, 14:55

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.6
First Time		Metabase Metabase metabase
CPE		cpe:2.3:a:metabase:metabase:::::-:::* cpe:2.3:a:metabase:metabase:::::enterprise:::* cpe:2.3:a:metabase:metabase:1.57.0:beta:::enterprise:::* cpe:2.3:a:metabase:metabase:0.57.0:beta:::-:::*
References	~~() https://github.com/metabase/metabase/security/advisories/GHSA-2wgg-7r2p-cmqx -~~	() https://github.com/metabase/metabase/security/advisories/GHSA-2wgg-7r2p-cmqx - Mitigation, Vendor Advisory
Summary		(es) Metabase es una plataforma de análisis de datos de código abierto. Antes de 55.13, 56.3 y 57.1, las instancias de Metabase autoalojadas que permiten a los usuarios crear suscripciones podrían verse potencialmente afectadas si su Metabase está coubicada con otros recursos no seguros. Esta vulnerabilidad está corregida en 55.13, 56.3 y 57.1.

12 Jan 2026, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-12 23:15

Updated : 2026-04-10 14:55

NVD link : CVE-2026-22805

Mitre link : CVE-2026-22805

CVE.ORG link : CVE-2026-22805

JSON object : View

Products Affected

metabase

metabase

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2026-22805", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-12T23:15:53.217", "references": [{"url": "https://github.com/metabase/metabase/security/advisories/GHSA-2wgg-7r2p-cmqx", "tags": ["Mitigation", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create subscriptions could be potentially impacted if their Metabase is colocated with other unsecured resources. This vulnerability is fixed in 55.13, 56.3, and 57.1."}, {"lang": "es", "value": "Metabase es una plataforma de an\u00e1lisis de datos de c\u00f3digo abierto. Antes de 55.13, 56.3 y 57.1, las instancias de Metabase autoalojadas que permiten a los usuarios crear suscripciones podr\u00edan verse potencialmente afectadas si su Metabase est\u00e1 coubicada con otros recursos no seguros. Esta vulnerabilidad est\u00e1 corregida en 55.13, 56.3 y 57.1."}], "lastModified": "2026-04-10T14:55:49.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "F4A0D575-8CFF-4FFD-8139-C8AB9A2FBC08", "versionEndExcluding": "0.55.13"}, {"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "40AAAF84-1F5E-4A75-84BA-A42A95AE1930", "versionEndExcluding": "1.55.13"}, {"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "38B54579-0285-4B58-A30F-1ECCAA9C6F40", "versionEndExcluding": "0.56.3", "versionStartIncluding": "0.56.0"}, {"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "A939F298-EE96-4017-8322-192BA080F500", "versionEndExcluding": "1.56.3", "versionStartIncluding": "1.56.0"}, {"criteria": "cpe:2.3:a:metabase:metabase:0.57.0:beta:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "6205A3AA-7DDB-4450-9340-61EACE075F0C"}, {"criteria": "cpe:2.3:a:metabase:metabase:1.57.0:beta:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "F7765873-8C95-4AF8-A756-23C8AD7A1074"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}