HIGH
open-metadata
CVE published 2026-06-08
CVE-2026-46481
CVE-2026-46481 is a security vulnerability in OpenMetadata, a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive sensitive information in the HTTP 201 response of POST /api/v1/automations/workflows. The leaked information includes the cleartext database password in request.connection.config.password and the ing [truncated]