{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T07:26:51.804","vulnerabilities":[{"cve":{"id":"CVE-2026-22805","sourceIdentifier":"security-advisories@github.com","published":"2026-01-12T23:15:53.217","lastModified":"2026-04-10T14:55:49.390","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create subscriptions could be potentially impacted if their Metabase is colocated with other unsecured resources. This vulnerability is fixed in 55.13, 56.3, and 57.1."},{"lang":"es","value":"Metabase es una plataforma de análisis de datos de código abierto. Antes de 55.13, 56.3 y 57.1, las instancias de Metabase autoalojadas que permiten a los usuarios crear suscripciones podrían verse potencialmente afectadas si su Metabase está coubicada con otros recursos no seguros. Esta vulnerabilidad está corregida en 55.13, 56.3 y 57.1."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:metabase:metabase:*:*:*:*:-:*:*:*","versionEndExcluding":"0.55.13","matchCriteriaId":"F4A0D575-8CFF-4FFD-8139-C8AB9A2FBC08"},{"vulnerable":true,"criteria":"cpe:2.3:a:metabase:metabase:*:*:*:*:enterprise:*:*:*","versionEndExcluding":"1.55.13","matchCriteriaId":"40AAAF84-1F5E-4A75-84BA-A42A95AE1930"},{"vulnerable":true,"criteria":"cpe:2.3:a:metabase:metabase:*:*:*:*:-:*:*:*","versionStartIncluding":"0.56.0","versionEndExcluding":"0.56.3","matchCriteriaId":"38B54579-0285-4B58-A30F-1ECCAA9C6F40"},{"vulnerable":true,"criteria":"cpe:2.3:a:metabase:metabase:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.56.0","versionEndExcluding":"1.56.3","matchCriteriaId":"A939F298-EE96-4017-8322-192BA080F500"},{"vulnerable":true,"criteria":"cpe:2.3:a:metabase:metabase:0.57.0:beta:*:*:-:*:*:*","matchCriteriaId":"6205A3AA-7DDB-4450-9340-61EACE075F0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:metabase:metabase:1.57.0:beta:*:*:enterprise:*:*:*","matchCriteriaId":"F7765873-8C95-4AF8-A756-23C8AD7A1074"}]}]}],"references":[{"url":"https://github.com/metabase/metabase/security/advisories/GHSA-2wgg-7r2p-cmqx","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}}]}