CVE-2026-22244

HIGH

OpenMetadata < 1.11.4 - Authenticated Remote Code Execution via FreeMarker Email Template Injection

Title source: llm

Description

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must have administrative privileges to exploit the vulnerability. Version 1.11.4 contains a patch.

References (2)

Core 2

Core References

Exploit, Vendor Advisory x_refsource_confirm

https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-5f29-2333-h9c7

Patch x_refsource_misc

https://github.com/open-metadata/OpenMetadata/commit/bffe7c45807763f9b682021d4211c478d2a08bb3

View Patch ZIP pw:eip

Scores

CVSS v3 7.2

EPSS 0.0076

EPSS Percentile 50.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-1336 CWE-94

Status published

Products (2)

open-metadata/openmetadata < 1.11.4

org.open-metadata/platform 0 - 1.11.4Maven

Published Jan 08, 2026

Tracked Since Feb 18, 2026