CyberRota
← Ana sayfaya dön

CVE-2026-50147

HIGH · CVSS 7.6 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-15T16:16:47.830 · Çekilme zamanı: 2026-07-15T18:36:06.924294+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

GitHub PoC Linkleri

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-50147
Severity
HIGH
CVSS
7.6
EPSS
Yok

Orijinal NVD Açıklaması

Metabase is an open-source business intelligence and embedded analytics tool. From 1.57.0 until 1.57.19.1, 1.58.14.1, 1.59.10, and 1.60.4, an attacker who can configure a Metabase database connection can read arbitrary files from the Metabase server's filesystem by adding unsafe JDBC parameters to a MySQL or MariaDB connection, causing the driver to read files from the Metabase host and expose the contents through queries against the connected database or through validation error messages. This issue is fixed in versions 1.57.19.1, 1.58.14.1, 1.59.10, and 1.60.4.