How severe is CVE-2026-22244?

The severity of CVE-2026-22244 has not been assessed with CVSS v3.

CVE-2026-22244

NONE

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must

Publicado: 1/8/2026Atualizado: 1/8/2026

Descrição

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must have administrative privileges to exploit the vulnerability. Version 1.11.4 contains a patch.

Análise IADesenvolvido por IA

Referências

https://github.com/open-metadata/OpenMetadata/commit/bffe7c45807763f9b682021d4211c478d2a08bb3
https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-5f29-2333-h9c7
https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-5f29-2333-h9c7