VYPR
High severity8.6NVD Advisory· Published Jan 12, 2026· Updated Apr 10, 2026

CVE-2026-22805

CVE-2026-22805

Description

Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create subscriptions could be potentially impacted if their Metabase is colocated with other unsecured resources. This vulnerability is fixed in 55.13, 56.3, and 57.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • Metabase/Metabase5 versions
    cpe:2.3:a:metabase:metabase:*:*:*:*:-:*:*:*+ 4 more
    • cpe:2.3:a:metabase:metabase:*:*:*:*:-:*:*:*range: <0.55.13
    • cpe:2.3:a:metabase:metabase:0.57.0:beta:*:*:-:*:*:*
    • cpe:2.3:a:metabase:metabase:1.57.0:beta:*:*:enterprise:*:*:*
    • cpe:2.3:a:metabase:metabase:*:*:*:*:enterprise:*:*:*range: <1.55.13
    • (no CPE)range: < 55.13, < 56.3, < 57.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.