High severity8.6NVD Advisory· Published Jan 12, 2026· Updated Apr 10, 2026
CVE-2026-22805
CVE-2026-22805
Description
Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create subscriptions could be potentially impacted if their Metabase is colocated with other unsecured resources. This vulnerability is fixed in 55.13, 56.3, and 57.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5cpe:2.3:a:metabase:metabase:*:*:*:*:-:*:*:*+ 4 more
- cpe:2.3:a:metabase:metabase:*:*:*:*:-:*:*:*range: <0.55.13
- cpe:2.3:a:metabase:metabase:0.57.0:beta:*:*:-:*:*:*
- cpe:2.3:a:metabase:metabase:1.57.0:beta:*:*:enterprise:*:*:*
- cpe:2.3:a:metabase:metabase:*:*:*:*:enterprise:*:*:*range: <1.55.13
- (no CPE)range: < 55.13, < 56.3, < 57.1
Patches
Vulnerability mechanics
References
1- github.com/metabase/metabase/security/advisories/GHSA-2wgg-7r2p-cmqxnvdMitigationVendor Advisory
News mentions
0No linked articles in our index yet.