How severe is CVE-2026-22244?

The severity of CVE-2026-22244 has not been assessed with CVSS v3.

CVE-2026-22244

NONE

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must

Veröffentlicht: 1/8/2026Aktualisiert: 1/8/2026

Beschreibung

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must have administrative privileges to exploit the vulnerability. Version 1.11.4 contains a patch.

KI-AnalyseKI-gestützt

Referenzen

https://github.com/open-metadata/OpenMetadata/commit/bffe7c45807763f9b682021d4211c478d2a08bb3
https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-5f29-2333-h9c7
https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-5f29-2333-h9c7