CVE-2026-42811

Name of the Vulnerable Software and Affected Versions Apache Polaris version 1.4.0

Description Apache Polaris fails to properly escape namespace and table identifiers when constructing Common Expression Language (CEL) strings for Google Cloud Storage (GCS) Credential Access Boundaries (CAB). This allows a crafted namespace or table name containing single quotes and URI-safe CEL fragments to break out of the intended quoted string and alter the CEL condition. Consequently, short-lived GCS credentials intended for a single table can be broadened to provide bucket-wide access within the configured bucket. This enables unauthorized actions, including listing, reading, creating, and deleting objects under other tables' prefixes or unrelated external prefixes in the same bucket.

Recommendations For version 1.4.0, restrict the use of crafted namespace or table identifiers until a fix is applied.