CVE-2026-42812 — AI Deep Analysis Summary

🚨 **Essence**: Apache Polaris skips critical security checks when modifying `write.metadata.path`. <br>💥 **Consequences**: Attackers can force metadata writes to unauthorized storage locations.…

🛡️ **CWE**: CWE-863 (Incomplete External Control of Path). <br>🔍 **Flaw**: The code path for `ALTER TABLE`-style updates to `write.metadata.path` bypasses the storage location re-validation step.…

📦 **Vendor**: Apache Software Foundation. <br>📦 **Product**: Apache Polaris (specifically when managing Apache Iceberg tables).…

🕵️ **Privileges**: Requires **L**ow privileges (PR:L) – ability to modify table settings via `ALTER TABLE`. <br>📊 **Data Impact**: **H**igh impact on Confidentiality, Integrity, and Availability.…

⚖️ **Threshold**: **Medium**. <br>🔑 **Auth**: Needs user-level access to change table properties. <br>⚙️ **Config**: Exploitation is easier if `allow.unstructured.table.location=true` and `allowedLocations` is wide.…

🚫 **Public Exp?**: **No**. The `pocs` field is empty. <br>🌍 **Wild Exp**: Unlikely at this stage.…

🔍 **Self-Check**: <br>1. Check if `polaris.config.allow.unstructured.table.location=true`. <br>2. Review `allowedLocations` for overly broad prefixes (e.g., bucket roots). <br>3.…

🩹 **Fix Status**: **Unknown/Not Mentioned**. The data shows a published date of May 2026, but no patch version or mitigation link is provided in the `references` or `pocs`.…

🛡️ **Workaround**: <br>1. Set `polaris.config.allow.unstructured.table.location=false`. <br>2. Restrict `allowedLocations` to specific, narrow paths. <br>3.…

🔥 **Urgency**: **HIGH**. <br>📈 **Priority**: CVSS 3.1 Vector indicates **Critical** potential (S:C, C:H, I:H, A:H). <br>⏳ **Action**: Immediately review table property permissions and storage location whitelists.…