CVE-2026-27478 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog…
Critical CVSS: 9.1

CVE-2026-27478

Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint (/api/1.0/unity-control/auth/tokens). The endpoint extracts the issuer (iss) claim from incoming JWTs and uses it to dynamically fetch the JWKS endpoint for signature validation without validating that the issuer is a trusted identity provider.
Vendor
Unitycatalog
Product
Unitycatalog
CWE
CWE-290
Yayın Tarihi
2026-03-11 20:16:14
Güncelleme
2026-03-16 20:24:07
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-290 Unitycatalog CRITICAL Unitycatalog 2026

Referanslar

https://github.com/unitycatalog/unitycatalog/security/advisories/GHSA-qqcj-rghw-829x