Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-50147— Metabase: Arbitrary File Read via MySQL Connection Property Injection

CVSS 7.6 · High EPSS 0.20% · P10

Possible ATT&CK Techniques 1AI

T1005 · Data from Local System

Affected Version Matrix 4

VendorProductVersion RangeStatus
metabasemetabase>= 1.57.0, < 1.57.19.1affected
>= 1.58.0, < 1.58.14.1affected
>= 1.59.0, < 1.59.10affected
>= 1.60.0, < 1.60.4affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-50147

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Metabase: Arbitrary File Read via MySQL Connection Property Injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
Metabase is an open-source business intelligence and embedded analytics tool. From 1.57.0 until 1.57.19.1, 1.58.14.1, 1.59.10, and 1.60.4, an attacker who can configure a Metabase database connection can read arbitrary files from the Metabase server's filesystem by adding unsafe JDBC parameters to a MySQL or MariaDB connection, causing the driver to read files from the Metabase host and expose the contents through queries against the connected database or through validation error messages. This issue is fixed in versions 1.57.19.1, 1.58.14.1, 1.59.10, and 1.60.4.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
参数注入或修改
Source: NVD (National Vulnerability Database)
Vulnerability Title
Metabase 命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Metabase是美国Metabase公司开源的一个开源数据分析平台。 Metabase存在命令注入漏洞,该漏洞源于向MySQL或MariaDB连接添加不安全的JDBC参数,导致攻击者可以读取Metabase服务器文件系统中的任意文件。以下版本受到影响:1.57.0版本至1.57.19.1之前版本、1.58.0版本至1.58.14.1之前版本、1.59.0版本至1.59.10之前版本和1.60.0版本至1.60.4之前版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
metabasemetabase >= 1.57.0, < 1.57.19.1 -

II. Public POCs for CVE-2026-50147

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-50147

登录查看更多情报信息。

Vendor Advisories for CVE-2026-50147 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2026-50147

No comments yet


Leave a comment