CVE-2026-42810: CWE-116 Improper Encoding or Escaping of Output in Apache Software Foundation Apache Polaris
Apache Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and `s3:prefix` conditions. In S3 IAM policy matching, `*` is treated as a wildcard rather than as ordinary text. That means temporary credentials issued for one crafted table can match the storage path of a different table. In private testing against Polaris 1.4.0 using Polaris' AWS S3 temporary- credential path on both MinIO and real AWS S3, credentials returned for crafted tables such as `f*.t1`, `f*.*`, `*.*`, and `foo.*` could reach other tables' S3 locations. The confirmed behavior includes: - reading another table's metadata control file ([Iceberg metadata JSON]); - listing another table's exact S3 table prefix ([table prefix]); - and, when write delegation was returned for the crafted table, creating and deleting an object under another table's exact S3 table prefix. A control case using ordinary different names did not allow the same cross-table access. A least-privilege AWS S3 variant was also confirmed in which the attacker principal had no Polaris permissions on the victim table and only the minimal permissions required to create and use a crafted wildcard table (namespace-scoped `TABLE_CREATE` and `TABLE_WRITE_DATA` on `*`). In that setup, direct Polaris access to `foo.t1` remained forbidden, but the attacker could still create and load `*.*`, receive delegated S3 credentials, and use those credentials to list, read, create, and delete objects under `foo.t1`. In Iceberg, the metadata JSON file is a control file: it tells readers which data files belong to the table, which snapshots exist, and which table version to read. So unauthorized access to it is already a meaningful confidentiality problem. The confirmed write-capable variant means the issue is not limited to disclosure.
AI Analysis
Technical Summary
Apache Polaris accepts literal '*' characters in namespace and table names, which are reused unescaped in temporary S3 access policies for delegated table access. In AWS S3 IAM policy matching, '*' acts as a wildcard, allowing temporary credentials issued for crafted tables to match storage paths of other tables. Testing on Polaris 1.4.0 confirmed that credentials for crafted tables like 'f*.*' or '*.*' could access other tables' S3 locations, including reading metadata control files, listing table prefixes, and performing write operations such as creating and deleting objects. This occurs even when the attacker has minimal Polaris permissions scoped to wildcard tables, bypassing intended access controls. The vulnerability is classified under CWE-116 (Improper Encoding or Escaping of Output) and CWE-20 (Improper Input Validation).
Potential Impact
The vulnerability allows unauthorized access to other tables' data and metadata in Apache Polaris by exploiting wildcard characters in table names that are improperly escaped in S3 IAM policies. This leads to confidentiality breaches through reading Iceberg metadata JSON files, which control table data visibility, and integrity breaches by enabling unauthorized creation and deletion of objects in other tables' storage locations. The issue affects the confidentiality, integrity, and availability of data stored in S3 buckets managed by Polaris. The CVSS 4.0 score is 9.4 (critical), reflecting high impact with network attack vector, low attack complexity, no user interaction, and high impacts on confidentiality, integrity, availability, and scope.
Mitigation Recommendations
Apache Polaris is a cloud-hosted service, and the vendor manages remediation server-side. A patch is available for this vulnerability. Users should verify with the official Apache Polaris advisory or vendor communications to confirm that their environment has been updated to a fixed version. No additional mitigation steps are indicated beyond applying the official fix provided by the vendor.
CVE-2026-42810: CWE-116 Improper Encoding or Escaping of Output in Apache Software Foundation Apache Polaris
Description
Apache Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and `s3:prefix` conditions. In S3 IAM policy matching, `*` is treated as a wildcard rather than as ordinary text. That means temporary credentials issued for one crafted table can match the storage path of a different table. In private testing against Polaris 1.4.0 using Polaris' AWS S3 temporary- credential path on both MinIO and real AWS S3, credentials returned for crafted tables such as `f*.t1`, `f*.*`, `*.*`, and `foo.*` could reach other tables' S3 locations. The confirmed behavior includes: - reading another table's metadata control file ([Iceberg metadata JSON]); - listing another table's exact S3 table prefix ([table prefix]); - and, when write delegation was returned for the crafted table, creating and deleting an object under another table's exact S3 table prefix. A control case using ordinary different names did not allow the same cross-table access. A least-privilege AWS S3 variant was also confirmed in which the attacker principal had no Polaris permissions on the victim table and only the minimal permissions required to create and use a crafted wildcard table (namespace-scoped `TABLE_CREATE` and `TABLE_WRITE_DATA` on `*`). In that setup, direct Polaris access to `foo.t1` remained forbidden, but the attacker could still create and load `*.*`, receive delegated S3 credentials, and use those credentials to list, read, create, and delete objects under `foo.t1`. In Iceberg, the metadata JSON file is a control file: it tells readers which data files belong to the table, which snapshots exist, and which table version to read. So unauthorized access to it is already a meaningful confidentiality problem. The confirmed write-capable variant means the issue is not limited to disclosure.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Apache Polaris accepts literal '*' characters in namespace and table names, which are reused unescaped in temporary S3 access policies for delegated table access. In AWS S3 IAM policy matching, '*' acts as a wildcard, allowing temporary credentials issued for crafted tables to match storage paths of other tables. Testing on Polaris 1.4.0 confirmed that credentials for crafted tables like 'f*.*' or '*.*' could access other tables' S3 locations, including reading metadata control files, listing table prefixes, and performing write operations such as creating and deleting objects. This occurs even when the attacker has minimal Polaris permissions scoped to wildcard tables, bypassing intended access controls. The vulnerability is classified under CWE-116 (Improper Encoding or Escaping of Output) and CWE-20 (Improper Input Validation).
Potential Impact
The vulnerability allows unauthorized access to other tables' data and metadata in Apache Polaris by exploiting wildcard characters in table names that are improperly escaped in S3 IAM policies. This leads to confidentiality breaches through reading Iceberg metadata JSON files, which control table data visibility, and integrity breaches by enabling unauthorized creation and deletion of objects in other tables' storage locations. The issue affects the confidentiality, integrity, and availability of data stored in S3 buckets managed by Polaris. The CVSS 4.0 score is 9.4 (critical), reflecting high impact with network attack vector, low attack complexity, no user interaction, and high impacts on confidentiality, integrity, availability, and scope.
Mitigation Recommendations
Apache Polaris is a cloud-hosted service, and the vendor manages remediation server-side. A patch is available for this vulnerability. Users should verify with the official Apache Polaris advisory or vendor communications to confirm that their environment has been updated to a fixed version. No additional mitigation steps are indicated beyond applying the official fix provided by the vendor.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apache
- Date Reserved
- 2026-04-30T14:22:36.663Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
- Is Cloud Service
- true
Threat ID: 69f8d219cbff5d86103970b6
Added to database: 5/4/2026, 5:06:33 PM
Last enriched: 5/4/2026, 5:21:27 PM
Last updated: 5/4/2026, 6:07:14 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.