Unity Catalog JWT Issuer Validation Bypass Allows Complete User Impersonation
Description
Unity Catalog is an open, multi-modal catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint (/api/1.0/unity-control/auth/tokens). The endpoint extracts the issuer (iss) claim from incoming JWTs and uses it to dynamically fetch the JWKS endpoint for signature validation, without validating that the issuer is a trusted identity provider.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unity Catalog <=0.4.0 has an authentication bypass in its token exchange endpoint, allowing attackers to impersonate any user by forging JWTs with an arbitrary issuer.
Vulnerability
Overview
The Unity Catalog token exchange endpoint (/api/1.0/unity-control/auth/tokens) contains a critical authentication bypass vulnerability in versions 0.4.0 and earlier. The endpoint extracts the iss (issuer) claim from incoming JWTs and dynamically fetches the JWKS endpoint for signature validation without verifying that the issuer is a trusted identity provider [1][3]. This design flaw allows an attacker to supply an arbitrary issuer URL that they control.
Exploitation
Method
An attacker can exploit this by hosting their own OIDC-compliant server with a valid JWKS endpoint. They then sign a JWT with their own private key, setting the iss claim to their server and the sub or email claim to any known user in the Unity Catalog system. This crafted token can be exchanged for a valid internal access token. Additionally, the implementation does not validate the aud (audience) claim, allowing tokens intended for other services to be reused [3].
Impact
Successful exploitation results in complete impersonation of any user in the system. The attacker gains access to all catalogs, schemas, tables, and other resources that the impersonated user has permissions to [3].
Mitigation
The vulnerability has been patched in Unity Catalog version 0.4.1 [4]. Users are strongly advised to upgrade to this version or later. No workarounds are documented; upgrading is the recommended action.
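To make the flaw and its fix concrete, the following added example (not code from the Unity Catalog project) contrasts the pattern the advisory describes, deriving the JWKS location from the token's own iss claim, with a hardened gate that only proceeds for issuers pinned in configuration and only for tokens whose aud names this service. The issuer, JWKS URI and audience values are constructed placeholders.

```python
import base64
import json

# Constructed configuration: the issuers this deployment trusts, each pinned to
# its JWKS location. Nothing in this table comes from the incoming token.
TRUSTED_ISSUERS = {
    "https://idp.example.com": "https://idp.example.com/.well-known/jwks.json",
}
EXPECTED_AUDIENCE = "unity-catalog"  # hypothetical audience value for this deployment


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def unverified_claims(token: str) -> dict:
    # Read the payload only. Nothing here is trusted until the signature checks out.
    _header, payload, _signature = token.split(".")
    return json.loads(_b64url_decode(payload))


def jwks_uri_vulnerable(token: str) -> str:
    # The pattern the advisory describes: the key set location is built from the
    # token's own iss claim, so whoever wrote the token chooses the keys.
    return unverified_claims(token)["iss"].rstrip("/") + "/.well-known/jwks.json"


def jwks_uri_hardened(token: str) -> str:
    # Gate on the issuer allow-list and the audience before any key lookup.
    claims = unverified_claims(token)
    issuer = claims.get("iss")
    if issuer not in TRUSTED_ISSUERS:
        raise ValueError(f"untrusted issuer: {issuer!r}")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # aud may be a string or a list
    if EXPECTED_AUDIENCE not in audiences:
        raise ValueError(f"token not intended for this service: {aud!r}")
    # Keys come only from the pinned URI; the signature is then verified against them.
    return TRUSTED_ISSUERS[issuer]


def constructed_token(claims: dict) -> str:
    # Builds a constructed sample token for the checks above. The signature segment
    # is a placeholder because key selection, not signature math, is the point here.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.placeholder-signature"
```

In a real verifier the pinned JWKS is fetched and cached, and the token's signature is checked against it before any claim is acted on; the gate above simply ensures an unknown issuer never reaches that step.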
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| io.unitycatalog:unitycatalog-server | Maven | < 0.4.1 | 0.4.1 |
Affected products
- Range: <= 0.4.0
- unitycatalog/unitycatalog, range: <= 0.4.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1. github.com/advisories/GHSA-qqcj-rghw-829x (ghsa, ADVISORY)
2. nvd.nist.gov/vuln/detail/CVE-2026-27478 (ghsa, ADVISORY)
3. github.com/unitycatalog/unitycatalog/releases/tag/v0.4.1 (ghsa, WEB)
4. github.com/unitycatalog/unitycatalog/security/advisories/GHSA-qqcj-rghw-829x (ghsa, x_refsource_CONFIRM, WEB)
News mentions
No linked articles in our index yet.