Apache Polaris issues short-lived GCS credentials scoped to a single table's files using Credential Access Boundary (CAB) with CEL conditions. The vulnerability stems from improper neutralization of special elements in the CEL expression, specifically unescaped single quotes and URI-safe fragments in namespace or table identifiers. This allows crafted identifiers to break out of the intended string context, altering the CEL condition to remove path restrictions. Testing on Polaris 1.4.0 confirmed that such crafted identifiers yield delegated credentials with access that extends across the entire configured bucket, not limited to the requested table path. This broadening of credential scope compromises the intended access control model and can lead to unauthorized data access and modification within the bucket.

The vulnerability enables an attacker to obtain delegated GCS credentials with broader access than authorized, effectively removing path restrictions within the configured bucket. This can lead to unauthorized listing, reading, creation, and deletion of objects across multiple tables and unrelated prefixes within the bucket. The impact includes potential data exposure, data integrity compromise, and unauthorized data manipulation. The CVSS 4.0 score of 9.4 reflects critical severity with network attack vector, low attack complexity, no user interaction, and high impacts on confidentiality, integrity, availability, and security requirements.

A patch is available for this vulnerability. Since Apache Polaris is a cloud service, the vendor typically manages remediation server-side. Users should consult the official Apache Polaris vendor advisory for confirmation of patch deployment and any additional mitigation steps. Until patched, avoid using untrusted or unvalidated namespace and table identifiers that could exploit this injection flaw. Monitor vendor communications for updates on the fix status and apply official patches promptly.