CVE-2026-34214
EUVD-2026-1745931.03.2026, 15:16
Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials (access key) or vended credentials (temporary access key) are accessible to users that have write privilege on SQL level. This issue has been patched in version 480.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| trino | trino | 439 ≤ 𝑥 < 480 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-212 - Improper Removal of Sensitive Information Before Storage or TransferThe product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
- CWE-312 - Cleartext Storage of Sensitive InformationThe product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.