CVE-2026-33725

Severity: HIGH

Metabase vulnerable to RCE and Arbitrary File Read via H2 JDBC INIT Injection in EE Serialization Import


Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-33725. PoCs published by hakaioffsec, XZ1r0.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2026-33725, demonstrating RCE and arbitrary file read in Metabase via H2 JDBC INIT injection through EE serialization import. The exploit constructs a malicious tar.gz file with crafted YAML and H2 database configurations to trigger command execution.

Description

Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4, authenticated admins on Metabase Enterprise Edition can achieve Remote Code Execution (RCE) and Arbitrary File Read via the `POST /api/ee/serialization/import` endpoint. A crafted serialization archive injects an `INIT` property into the H2 JDBC spec, which can execute arbitrary SQL during a database sync. We confirmed this was possible on Metabase Cloud. This only affects Metabase Enterprise; Metabase OSS lacks the affected codepaths. All versions of Metabase Enterprise that have serialization, which dates back to at least version 1.47, are affected. Metabase Enterprise versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4 patch the issue. As a workaround, disable the serialization import endpoint in the Metabase instance to prevent access to the vulnerable codepaths.

Exploits (2)

Source: nomisec · Working PoC · 6 stars
by hakaioffsec · tags: poc
https://github.com/hakaioffsec/CVE-2026-33725

This repository contains a functional exploit for CVE-2026-33725, demonstrating RCE and arbitrary file read in Metabase via H2 JDBC INIT injection through EE serialization import. The exploit constructs a malicious tar.gz file with crafted YAML and H2 database configurations to trigger command execution.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Metabase Enterprise (versions ≥ v1.47 and < v1.59.4)
Auth required: yes
Prerequisites: Admin session token · Access to EE serialization import endpoint
Analyzed by devstral-2 on Apr 24, 2026
Source: github · Working PoC
by XZ1r0 · tags: python, poc
https://github.com/XZ1r0/cve-2026-poc-collection/tree/main/other/CVE-2026-33725

This repository contains a functional exploit for CVE-2026-33725, which targets Metabase Enterprise Edition via H2 JDBC INIT injection in the EE Serialization Import feature. The exploit allows for Remote Code Execution (RCE) and Arbitrary File Read by leveraging Clojure-based payloads and H2 database initialization commands.

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Metabase Enterprise Edition (versions ≥ v1.47 and < v1.54.22, ≥ v1.54.0 and < v1.54.22, ≥ v1.55.0 and < v1.55.22, ≥ v1.56.0 and < v1.56.22, ≥ v1.57.0 and < v1.57.16, ≥ v1.58.0 and < v1.58.10, ≥ v1.59.0 and < v1.59.4)
Auth required: yes
Prerequisites: Admin session token · Access to the EE Serialization Import endpoint
Analyzed by devstral-2 on May 21, 2026

Scores

CVSS v3: 7.2
EPSS: 0.0018
EPSS Percentile: 40.2%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC (Vulnrichment)

Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-502
Status: published
Products (6):
metabase/metabase < 1.54.22 (2 CPE variants)
metabase/metabase >= 1.55.0, < 1.55.22
metabase/metabase >= 1.56.0, < 1.56.22
metabase/metabase >= 1.57.0, < 1.57.16
metabase/metabase >= 1.58.0, < 1.58.10
metabase/metabase >= 1.59.0, < 1.59.4
Published: Mar 27, 2026
Tracked Since: Mar 27, 2026