VYPR

Maven package

io.unitycatalog/unitycatalog-server

pkg:maven/io.unitycatalog/unitycatalog-server

Vulnerabilities (1)

  • CVE-2026-27478Mar 11, 2026
    affected < 0.4.1fixed 0.4.1

    Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint (/api/1.0/unity-control/auth/tokens). The endpoint extracts the issuer (iss) claim from incoming