Vulnerability in Metabase

CVE-2026-50148

Metabase is an open-source business intelligence and embedded analytics tool. From 1.54.0 until 1.54.24, 1.55.24, 1.56.25, 1.57.19, 1.58.14, 1.59.10, and 1.60.4, a Metabase user with permission to add or edit a database connection can achi…

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

  • Metabase — versions >= 1.54.0, < 1.54.24, >= 1.55.0, < 1.55.24, >= 1.56.0, < 1.56.25

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-50148?
CVE-2026-50148 is a critical-severity vulnerability in Metabase, classified under External Control of File Name or Path. CVSS score: 10.0/10. Published 2026-07-15.
How severe is CVE-2026-50148?
Critical severity. CVSS v3 base score is 10.0 out of 10.