CVE-2026-34214

Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials (access key) or vended credentials (temporary access key) are accessible to users that have write privilege on SQL level. This issue has been patched in version 480.

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.1 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/trinodb/trino/releases/tag/480	Release Notes
https://github.com/trinodb/trino/security/advisories/GHSA-x27p-5f68-m644	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:trino:trino:*:*:*:*:*:*:*:*

History

06 Apr 2026, 16:53

Type	Values Removed	Values Added
CPE		cpe:2.3:a:trino:trino::::::::
First Time		Trino trino Trino
References	~~() https://github.com/trinodb/trino/releases/tag/480 -~~	() https://github.com/trinodb/trino/releases/tag/480 - Release Notes
References	~~() https://github.com/trinodb/trino/security/advisories/GHSA-x27p-5f68-m644 -~~	() https://github.com/trinodb/trino/security/advisories/GHSA-x27p-5f68-m644 - Vendor Advisory

31 Mar 2026, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-31 15:16

Updated : 2026-04-06 16:53

NVD link : CVE-2026-34214

Mitre link : CVE-2026-34214

CVE.ORG link : CVE-2026-34214

JSON object : View

Products Affected

trino

trino

CWE

CWE-212

Improper Removal of Sensitive Information Before Storage or Transfer

CWE-312

Cleartext Storage of Sensitive Information

{"id": "CVE-2026-34214", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2026-03-31T15:16:18.400", "references": [{"url": "https://github.com/trinodb/trino/releases/tag/480", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/trinodb/trino/security/advisories/GHSA-x27p-5f68-m644", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-212"}, {"lang": "en", "value": "CWE-312"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials (access key) or vended credentials (temporary access key) are accessible to users that have write privilege on SQL level. This issue has been patched in version 480."}], "lastModified": "2026-04-06T16:53:34.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trino:trino:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03F5711B-7D03-4946-B983-27054B68A81A", "versionEndExcluding": "480", "versionStartIncluding": "439"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}