CVE-2026-34214: CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer in trinodb trino
Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials (access key) or vended credentials (temporary access key) are accessible to users that have write privilege on SQL level. This issue has been patched in version 480.
AI Analysis (machine-generated threat intelligence)
Technical Summary
CVE-2026-34214 identifies a vulnerability in Trino versions 439 through 479 where the Iceberg connector REST catalog credentials—specifically static access keys and temporary vended credentials—are improperly exposed to users who have write privileges at the SQL level. Trino is widely used for distributed SQL querying in big data environments, and the Iceberg connector facilitates interaction with Iceberg tables via REST APIs. The vulnerability stems from improper removal or protection of sensitive information before storage or transfer, categorized under CWE-212 (Improper Removal of Sensitive Information) and CWE-312 (Cleartext Storage of Sensitive Information). This flaw allows users with write privileges, who normally should not have access to these credentials, to retrieve them, potentially enabling unauthorized access to backend storage or cloud resources. The CVSS 3.1 score of 7.7 reflects a high severity due to network exploitability (AV:N), low attack complexity (AC:L), and the requirement of privileges (PR:L) but no user interaction (UI:N). The scope is changed (S:C) because the vulnerability affects resources beyond the initially vulnerable component, and the impact on confidentiality is high (C:H), while integrity and availability remain unaffected (I:N, A:N). No known exploits have been reported in the wild yet. The issue was addressed in Trino version 480 by properly securing or removing sensitive credentials from exposure to unauthorized users.
Potential Impact
The primary impact of this vulnerability is the unauthorized disclosure of sensitive access credentials used by the Iceberg connector in Trino. Attackers or malicious insiders with write-level SQL privileges can extract static or temporary access keys, potentially gaining unauthorized access to backend storage systems or cloud services integrated with Trino. This can lead to data breaches, unauthorized data exfiltration, or further lateral movement within an organization's infrastructure. Since Trino is often deployed in large-scale data analytics environments, the exposure of these credentials could compromise critical business intelligence data and cloud resources. Although the vulnerability does not directly affect data integrity or system availability, the confidentiality breach alone poses significant risks to organizations relying on Trino for secure data processing. The lack of required user interaction and low attack complexity increases the likelihood of exploitation in environments where write privileges are granted too broadly.
Mitigation Recommendations
Organizations should immediately upgrade affected Trino instances to version 480 or later, where this vulnerability has been patched. Until the upgrade is possible, restrict SQL write privileges strictly to trusted users and audit existing permissions to minimize exposure. Implement monitoring and alerting for unusual access patterns or credential usage related to the Iceberg connector. Additionally, rotate any exposed access keys or temporary credentials to invalidate potentially compromised secrets. Employ network segmentation and access controls to limit the ability of users with write privileges to access sensitive backend systems directly. Review and enhance credential management practices to ensure sensitive information is never exposed at the SQL layer or in logs. Finally, consider deploying runtime security tools that can detect anomalous queries or attempts to access credential information within Trino environments.
Affected Countries
United States, Germany, United Kingdom, Canada, France, Netherlands, Australia, Japan, South Korea, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-26T15:57:52.324Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69cbd8dce6bfc5ba1d1c31a8
Added to database: 3/31/2026, 2:23:24 PM
Last enriched: 3/31/2026, 2:38:43 PM
Last updated: 3/31/2026, 4:59:11 PM