Datahub >> Datahub >> 0.12.1.5: Security Vulnerabilities
DataHub is an open-source metadata platform. Prior to 1.5.0.3, the DataHub frontend (datahub-frontend-react) deserializes attacker-controlled Java objects from the REDIRECT_URL HTTP cookie during the OIDC callback flow, with no integrity protection (no HMAC, no encryption). This is a Deserialization of Untrusted Data vulnerability (CWE-502) affecting the GET /callback/oidc endpoint. Successful exploitation requires a valid user account in the configured OIDC identity provider. This vulnerability is fixed in 1.5.0.3.
CVSS Score: 4.3
EPSS Score: 0.0
Published: 2026-05-14
DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to a MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8.
CVSS Score: 7.5
EPSS Score: 0.0
Published: 2026-02-06

