PT-2026-28609 · Trino · Trino

Findinpath · Published 2026-03-29 · Updated 2026-03-31 · CVE-2026-34214

CVSS v3.1: 7.7 High

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Trino versions 439 through 479

Description

Trino is a distributed SQL query engine for big data analytics. The Iceberg connector REST catalog allows users with write privileges to access static credentials (access key) or vended credentials (temporary access key). These credentials are stored in query JSON, accessible via the /ui/api/query/«query id» and /v1/query/«query id» API endpoints. The storage credentials are serialized in query JSON during write operations or table maintenance operations. Anyone using the Iceberg REST catalog with static or vended credentials is impacted, and the credentials should be considered compromised.

Recommendations

Upgrade to version 480 or later.

Exploit

Fix

Weakness Enumeration

Cleartext Storage of Sensitive Information

Related Identifiers

CVE-2026-34214
GHSA-X27P-5F68-M644

Affected Products

Trino