Critical severity | NVD Advisory | Published Mar 11, 2026 | Updated Mar 12, 2026
Unity Catalog has a JWT Issuer Validation Bypass that Allows Complete User Impersonation
CVE-2026-27478
Description
Unity Catalog is an open, multi-modal catalog for data and AI. In version 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint (/api/1.0/unity-control/auth/tokens). The endpoint extracts the issuer (iss) claim from incoming JWTs and uses it to dynamically fetch the JWKS endpoint for signature validation, without validating that the issuer is a trusted identity provider.
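The issuer-trust check the description refers to, shown as an added Python example that is not Unity Catalog's own code: a resolver that builds the JWKS URL from the token's own iss claim (the vulnerable pattern) beside a hardened one that only accepts issuers from a configured allowlist and refuses anything else before any fetch. TRUSTED_ISSUERS, the function names and the sample issuer hosts are hypothetical.

```python
import base64
import hashlib
import hmac
import json

# Constructed, hypothetical config: the only issuers this deployment trusts,
# each mapped to the JWKS URL the operator configured for it.
TRUSTED_ISSUERS = {
    "https://login.example-idp.test": "https://login.example-idp.test/.well-known/jwks.json",
}

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def unverified_claims(token: str) -> dict:
    """Read the payload without checking the signature. Every claim here,
    including iss, is caller-controlled until a signature has been verified
    with a key the server trusted before it ever looked at the token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    return json.loads(_b64url_decode(parts[1]))

def jwks_url_vulnerable(token: str) -> str:
    """The pattern the advisory describes: the JWKS location is derived from
    the token's own iss claim, so any issuer value is accepted as-is."""
    iss = unverified_claims(token)["iss"]
    return iss.rstrip("/") + "/.well-known/jwks.json"

def jwks_url_hardened(token: str) -> str:
    """Hardened: iss is only a lookup key into a static allowlist, and an
    unknown issuer is rejected before any network fetch or key use."""
    iss = unverified_claims(token).get("iss")
    if iss not in TRUSTED_ISSUERS:
        raise PermissionError(f"untrusted issuer: {iss!r}")
    return TRUSTED_ISSUERS[iss]

def make_token(issuer: str, subject: str) -> str:
    """Constructed test token (HS256 with a throwaway key); only the claims
    matter for exercising the issuer check above."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps({"iss": issuer, "sub": subject}).encode())
    sig = hmac.new(b"throwaway", f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"
```

The allowlist lookup is the detection point as well: a rejected issuer value is worth logging, since a correctly configured identity provider never presents one.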
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.unitycatalog:unitycatalog-server (Maven) | < 0.4.1 | 0.4.1 |
Affected products
- unitycatalog/unitycatalog, range: <= 0.4.0
References
- github.com/advisories/GHSA-qqcj-rghw-829x (GHSA advisory)
- nvd.nist.gov/vuln/detail/CVE-2026-27478 (NVD advisory)
- github.com/unitycatalog/unitycatalog/releases/tag/v0.4.1 (release notes)
- github.com/unitycatalog/unitycatalog/security/advisories/GHSA-qqcj-rghw-829x (vendor advisory, x_refsource_CONFIRM)