Insertion of Sensitive Information Into Sent Data

CVE-2026-46481

Low

0/10

Summary

This is not applicable if an application is configuring the Secrets Store to store credentials. Please make sure to follow the best practices when deploying in production. In OpenMetadata 1.12.1, a non-admin SSO user can trigger a `TEST_CONNECTION` workflow for a Database Service and receive, in the HTTP 201 response of `POST /api/v1/automations/workflows`.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: LOW

CWE-201 - Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

References

Advisory

Advisory Timeline

Published May 21, 2026

Insertion of Sensitive Information Into Sent Data

CVE-2026-46481

Summary

CWE-201 - Insertion of Sensitive Information Into Sent Data

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS