


Perceptive Security
SOC/SIEM Consultancy

Apache Polaris accepts literal `*` characters in namespace and table names. When it
later builds temporary S3 access policies for delegated table access, those
…
Published:
3 May 2026 at 22:00:00
Alert date:
4 May 2026 at 18:09:25
Source:
nvd.nist.gov
Cloud & Virtualization, Identity & Access, Database & Storage
Apache Polaris accepts literal asterisk characters in namespace and table names, which are later reused unescaped in S3 IAM resource patterns. This allows attackers to create crafted table names that act as wildcards in IAM policies, enabling unauthorized access to other tables' S3 locations. The vulnerability affects Polaris 1.4.0 and allows reading metadata files, listing table prefixes, and creating/deleting objects in other tables' storage paths. Attackers can exploit this with minimal permissions to access tables they should not have access to.
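The audit below is an added example, not Polaris code and not part of the original alert: it flags catalog names containing `*` and reports which other tables' storage a resource pattern built from that name would cover. The bucket name, the `<warehouse>/<namespace>/<table>/` layout, the catalog entries and all function names are assumptions made for illustration.

```python
import re

# Assumed storage layout (not taken from Polaris): <bucket>/<warehouse>/<namespace>/<table>/
BUCKET = "example-bucket"   # constructed
WAREHOUSE = "warehouse"     # constructed

def table_prefix(namespace, table):
    return f"{BUCKET}/{WAREHOUSE}/{namespace}/{table}/"

def resource_pattern(namespace, table):
    """Resource ARN produced when the name is reused unescaped (the flaw described above)."""
    return f"arn:aws:s3:::{table_prefix(namespace, table)}*"

def iam_match(pattern, arn):
    """Model only the `*` wildcard: in an IAM resource it matches any run of characters, '/' included."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, arn, flags=re.DOTALL) is not None

def has_wildcard(name):
    return "*" in name

def audit(tables):
    """Map each flagged (namespace, table) to the other tables whose objects its pattern covers."""
    findings = {}
    for entry in tables:
        if not any(has_wildcard(part) for part in entry):
            continue
        pattern = resource_pattern(*entry)
        findings[entry] = [
            other for other in tables
            if other != entry
            and iam_match(pattern, f"arn:aws:s3:::{table_prefix(*other)}metadata/v1.metadata.json")
        ]
    return findings

# Constructed catalog listing; the last entry is the kind of name the audit should flag.
CATALOG = [
    ("sales", "orders"),
    ("sales", "invoices"),
    ("hr", "payroll"),
    ("sales", "*"),
]

if __name__ == "__main__":
    for name, covered in audit(CATALOG).items():
        print(f"flagged {name}: pattern {resource_pattern(*name)} also covers {covered}")
```

Run against a real catalog export, any non-empty result is a name to review; rejecting `*` when names are created is the corresponding input check.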
Technical details
Mitigation steps:
Affected products:
Apache Polaris
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-42810
https://lists.apache.org/thread/gg3qq9sqg4hdjmprqy46p40xmln61dm9
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
