CVE-2026-34214

EPSS 0.02%
Veröffentlicht 31.03.2026 14:14:47
Zuletzt bearbeitet 06.04.2026 16:53:34
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials (access key) or vended credentials (temporary access key) are accessible to users that have write privilege on SQL level. This issue has been patched in version 480.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Trino ≫ Trino Version >= 439 < 480

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.033

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	7.7	3.1	4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://github.com/trinodb/trino/security/advisories/GHSA-x27p-5f68-m644

Vendor Advisory

https://github.com/trinodb/trino/releases/tag/480

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2026-34214

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-34214

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-34214

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-34214