CVE-2026-42809 Overview
CVE-2026-42809 affects Apache Polaris, an open-source catalog for Apache Iceberg. The flaw resides in the staged table creation flow, where Polaris issues delegated ("vended") storage credentials before validating the requested table location. An authenticated attacker can supply an arbitrary location, write.data.path, or write.metadata.path value during stage-create and receive scoped temporary credentials targeting that attacker-chosen location. Because the location is never checked for validity or overlap with existing tables, the resulting credentials grant access to data and metadata outside the caller's intended boundary. The issue is tracked as an input validation flaw [CWE-20].
Critical Impact
Authenticated callers can obtain delegated cloud storage credentials directed at attacker-controlled paths, leading to unauthorized read/write access to Iceberg table data and metadata.
Affected Products
- Apache Polaris (staged table creation flow with credential vending enabled)
- Deployments accepting custom location parameters during stage-create
- Deployments honoring write.data.path and write.metadata.path request properties
Discovery Timeline
- 2026-05-04 - CVE-2026-42809 published to the National Vulnerability Database
- 2026-05-05 - Last updated in NVD database
Technical Details for CVE-2026-42809
Vulnerability Analysis
Apache Polaris brokers access to object storage by issuing short-lived, scoped credentials tied to a table's effective location. The staged table creation path issues these credentials before the location is validated. The scope-limiting mechanism is therefore controlled by the attacker, not the catalog. A caller with permission to create staged tables can request credential vending against any reachable storage path the underlying principal can reach.
The weakness violates the catalog's central trust assumption that vended credentials are always bounded by catalog-enforced policy. The vulnerability is classified as Improper Input Validation [CWE-20] and impacts confidentiality, integrity, and availability of stored table data.
Root Cause
The stage-create handler constructs delegated storage credentials immediately from the caller-supplied location. The handler skips two checks normally enforced on table creation: location validation against allowed namespaces or storage configurations, and overlap checks against existing tables. The same code path also accepts write.data.path and write.metadata.path from request properties and merges them into the effective location set used for credential vending, without prior validation.
Attack Vector
An authenticated user with stage-create privileges sends a create request specifying a custom location pointing to a storage prefix they should not access. The user requests credential vending in the same call. Polaris responds with temporary credentials scoped to that path. The attacker then uses those credentials directly against the cloud storage endpoint to read or overwrite Iceberg data or metadata files belonging to other tables. Secondary variants exploit write.data.path and write.metadata.path overrides for the same effect.
No public proof-of-concept is currently linked in the advisory. Refer to the Apache Mailing List Discussion and the OpenWall Security Mailing List post for technical details.
Detection Methods for CVE-2026-42809
Indicators of Compromise
- Stage-create API calls containing a custom location value that does not match the namespace's configured storage prefix.
- Create-table requests including write.data.path or write.metadata.path properties referencing unexpected buckets or prefixes.
- Credential vending responses issuing tokens scoped to paths overlapping existing tables owned by other principals.
- Cloud storage access logs showing reads or writes from Polaris-issued temporary credentials against objects not owned by the requesting user.
Detection Strategies
- Correlate Polaris audit logs of stage-create calls with downstream cloud storage access logs (AWS CloudTrail, Azure Storage logs, GCP audit logs) to identify mismatches between the requesting principal and the accessed prefix.
- Alert on any stage-create request where the location, write.data.path, or write.metadata.path field is present, especially from non-administrative roles.
- Baseline the set of legitimate storage prefixes per namespace and flag credential vending events targeting paths outside that baseline.
Monitoring Recommendations
- Forward Polaris REST catalog access logs to a centralized analytics platform and retain credential-vending events for forensic review.
- Monitor short-lived credential issuance volume per user; sudden increases may indicate enumeration of reachable storage paths.
- Track Iceberg metadata file modifications to detect tampering performed via attacker-directed credentials.
How to Mitigate CVE-2026-42809
Immediate Actions Required
- Upgrade Apache Polaris to the fixed release once published by the project; track the Apache Mailing List Discussion for version details.
- Restrict the principals authorized to create staged tables and to request credential vending to a minimal trusted set.
- Audit recent stage-create calls and revoke any long-lived storage credentials that may have been chained from vended tokens.
Patch Information
Apache Polaris maintainers have announced the issue on the project mailing list. Apply the upstream fix that enforces location validation and overlap checks before any credentials are issued during the stage-create flow. Confirm the patched build also validates write.data.path and write.metadata.path request properties.
Workarounds
- Disable credential vending on the staged-create path until the patched release is deployed.
- Configure storage backends so that the catalog's underlying IAM principal cannot reach prefixes outside the catalog's managed namespaces, limiting the blast radius of attacker-directed scoping.
- Reject create-table requests at an API gateway when they include caller-supplied location, write.data.path, or write.metadata.path fields.
- Rotate the cloud IAM role or service principal used by Polaris to invalidate any credentials previously issued through the vulnerable path.
# Example gateway rule to reject attacker-influenced location overrides
# (pseudo-config; adapt to your reverse proxy or API gateway syntax)
if ($request_body ~* '"(location|write\.data\.path|write\.metadata\.path)"\s*:') {
return 403 "location overrides disabled pending CVE-2026-42809 patch";
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
