PT-2026-2180 · Unknown · Openmetadata

Lnlinh31 · Published 2026-01-07 · Updated 2026-01-08 · CVE-2026-22244

CVSS v4.0: 9.4 Critical

Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions: OpenMetadata versions prior to 1.11.4
Description: OpenMetadata is a unified metadata platform susceptible to remote code execution through Server-Side Template Injection (SSTI) within FreeMarker email templates. Exploitation requires an attacker to possess administrative privileges. The vulnerability resides in how email templates are processed, potentially allowing malicious code execution.
Recommendations: Update to version 1.11.4 or later.

Exploit · Fix · RCE · Code Injection

Weakness Enumeration

Related Identifiers

CVE-2026-22244
GHSA-5F29-2333-H9C7

Affected Products

Openmetadata