How severe is CVE-2026-22244?

The severity of CVE-2026-22244 has not been assessed with CVSS v3.

CVE-2026-22244

NONE

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must

Published: 1/8/2026Updated: 1/8/2026

Description

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must have administrative privileges to exploit the vulnerability. Version 1.11.4 contains a patch.

AI AnalysisPowered by AI

References

https://github.com/open-metadata/OpenMetadata/commit/bffe7c45807763f9b682021d4211c478d2a08bb3
https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-5f29-2333-h9c7
https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-5f29-2333-h9c7