High severity7.7NVD Advisory· Published Mar 31, 2026· Updated Apr 6, 2026

CVE-2026-34214

Description

Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials (access key) or vended credentials (temporary access key) are accessible to users that have write privilege on SQL level. This issue has been patched in version 480.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
io.trino:trino-icebergMaven	>= 439, < 480	480

Affected products

Trino/Trino
cpe:2.3:a:trino:trino:*:*:*:*:*:*:*:*
Range: >=439,<480

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-x27p-5f68-m644ghsaADVISORY
github.com/trinodb/trino/security/advisories/GHSA-x27p-5f68-m644nvdVendor AdvisoryWEB
nvd.nist.gov/vuln/detail/CVE-2026-34214ghsaADVISORY
github.com/trinodb/trino/releases/tag/480nvdRelease NotesWEB

News mentions

No linked articles in our index yet.

cvss	0.501
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000