CVE-2026-27464
Metabase: Server-Side Template Injection via Notifications Endpoint Leads to RCE
CVSS Score
7.7
EPSS Score
0.0%
EPSS Percentile
0th
Metabase is an open-source data analytics platform. In versions prior to 0.57.13 and versions 0.58.x through 0.58.6, authenticated users are able to retrieve sensitive information from a Metabase instance, including database access credentials. During testing, it was confirmed that a low-privileged user can extract sensitive information including database credentials, into the email body via template evaluation. This issue has been fixed in versions 0.57.13 and 0.58.7. To workaround this issue, users can disable notifications in their Metabase instance to disallow access to the vulnerable endpoints.
| CWE | CWE-1336 CWE-94 |
| Vendor | metabase |
| Product | metabase |
| Published | Feb 21, 2026 |
| Last Updated | Feb 24, 2026 |
Stay Ahead of the Next One
Get instant alerts for metabase metabase
Be the first to know when new high vulnerabilities affecting metabase metabase are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
metabase / metabase
< 0.57.13 >= 0.58.x, < 0.58.7