CVE-2026-27464

Name of the Vulnerable Software and Affected Versions Metabase versions prior to 0.57.13 Metabase versions 0.58.x through 0.58.6

Description Metabase is a data analytics platform where authenticated users could retrieve sensitive information, including database access credentials. A low-privileged user can extract sensitive information, such as database credentials, and include it in the email body through template evaluation. The issue involves access to vulnerable endpoints.

Recommendations Disable notifications in your Metabase instance to disallow access to the vulnerable endpoints. Update to version 0.57.13 or later. Update to version 0.58.7 or later.