2 min read
February 2026 vulnerability: What happened?
Sameer Al-Sakran
What happened?
Sho Odagiri, a security researcher, reported a vulnerability in Metabase’s notification API. The vulnerability allowed an authenticated user to craft a specially formatted notification template that could extract database connection details, including credentials, and send them via outbound email.
Who was affected?
We have no evidence that this vulnerability was exploited by any customer or malicious actor prior to the fix being released.
Check the Fixed versions list below for the major version you're running. If your point version is below the one listed for it, you're still vulnerable and should upgrade immediately.
Why did it happen?
Two independent changes introduced this vulnerability:
- We updated the notification system to support user-supplied Handlebars templates for rendering email content.
- We added metadata objects to query results, which could be traversed to access database connection details.
Together, these changes made it possible for an authenticated user to write a template that could extract sensitive database details via an outgoing email.
Part of what made this vulnerability difficult to catch is that the Handlebars library's documentation did not make clear that its method resolver lets templates invoke arbitrary Java methods on objects in the rendering context.
What did we fix?
We addressed this vulnerability through two fixes:
- Locked down the Handlebars template engine. We removed the method resolver from the Handlebars library configuration, which prevents templates from invoking arbitrary Java methods on objects in the rendering context. This eliminates the ability for user-supplied templates to traverse into internal objects.
- Stripped metadata from query results used in notifications. We ensured that internal metadata objects—which previously could carry a reference to database connection details—are no longer present in the notification rendering context.
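The two fixes are easiest to see side by side. The following is an added example written for this post, not Metabase's code: it uses the Handlebars.java library directly, assumes that the "method resolver" the post refers to is that library's `MethodValueResolver` (my assumption, the post does not name it), and uses a constructed `ConnectionDetails` class and a constructed query-result map as stand-ins for Metabase's internal objects. It shows that dropping the method resolver stops a template from calling arbitrary public methods, and that bean-style getters on objects still present in the context remain reachable until the internal metadata is stripped from what the renderer sees.

```java
import java.io.IOException;
import java.util.List;
import java.util.Map;

import com.github.jknack.handlebars.Context;
import com.github.jknack.handlebars.Handlebars;
import com.github.jknack.handlebars.Template;
import com.github.jknack.handlebars.ValueResolver;
import com.github.jknack.handlebars.context.JavaBeanValueResolver;
import com.github.jknack.handlebars.context.MapValueResolver;
import com.github.jknack.handlebars.context.MethodValueResolver;

/**
 * Added example (not Metabase code): the resolvers handed to Handlebars.java
 * decide what a user-supplied template can reach, and stripping internal
 * objects from the context is still needed once the method resolver is gone.
 */
public class NotificationTemplateDemo {

    /** Constructed stand-in for an internal connection object. Not a Metabase class. */
    public static final class ConnectionDetails {
        private final String jdbcUrl = "jdbc:postgresql://db.internal:5432/app"; // constructed value
        private final String password = "s3cr3t-CONSTRUCTED";                   // constructed value

        // Bean-style getter: JavaBeanValueResolver maps {{jdbcUrl}} to this.
        public String getJdbcUrl() { return jdbcUrl; }

        // Not a getter, so JavaBeanValueResolver ignores it; MethodValueResolver
        // invokes it for {{revealPassword}} because it is a public no-arg method.
        public String revealPassword() { return password; }
    }

    /** Constructed query-result shape: rows plus metadata that carries the connection. */
    static Map<String, Object> constructedResult() {
        return Map.of(
            "rows", List.of(Map.of("name", "alice"), Map.of("name", "bob")),
            "metadata", Map.of("connection", new ConnectionDetails()));
    }

    /** Render a template against a model using exactly the given resolvers. */
    static String render(String source, Object model, ValueResolver... resolvers) throws IOException {
        Template template = new Handlebars().compileInline(source);
        Context context = Context.newBuilder(model).resolver(resolvers).build();
        try {
            return template.apply(context);
        } finally {
            context.destroy();
        }
    }

    public static void main(String[] args) throws IOException {
        String benign = "Rows: {{#each rows}}{{name}} {{/each}}";
        String callsMethod = "{{metadata.connection.revealPassword}}";
        String walksGetters = "{{metadata.connection.jdbcUrl}}";

        ValueResolver[] withMethods = {
            MapValueResolver.INSTANCE, JavaBeanValueResolver.INSTANCE, MethodValueResolver.INSTANCE };
        ValueResolver[] withoutMethods = {
            MapValueResolver.INSTANCE, JavaBeanValueResolver.INSTANCE };

        Map<String, Object> full = constructedResult();

        // Vulnerable configuration: method resolver enabled and internal objects in the context.
        System.out.println("[methods, full context] benign:  " + render(benign, full, withMethods));
        System.out.println("[methods, full context] method:  " + render(callsMethod, full, withMethods));

        // Fix 1: remove the method resolver. The method call no longer resolves,
        // but a plain getter on an object still in the context does.
        System.out.println("[no methods, full context] method:  " + render(callsMethod, full, withoutMethods));
        System.out.println("[no methods, full context] getter:  " + render(walksGetters, full, withoutMethods));

        // Fix 2: never hand internal metadata to the renderer in the first place.
        Map<String, Object> stripped = Map.of("rows", full.get("rows"));
        System.out.println("[no methods, stripped] benign:  " + render(benign, stripped, withoutMethods));
        System.out.println("[no methods, stripped] getter:  " + render(walksGetters, stripped, withoutMethods));
    }
}
```

With the method resolver enabled, the `revealPassword` path prints the constructed password. Removing `MethodValueResolver` makes that template render as an empty string, which is Handlebars.java's default for an unresolved path, yet `{{metadata.connection.jdbcUrl}}` still prints the connection string because a bean getter is ordinary property access. Only the stripped context, which no longer contains the metadata object, renders both hostile templates empty while the benign row listing keeps working. That is why the post describes two fixes rather than one: the resolver change closes the arbitrary-method primitive, and the context change removes the sensitive objects a template could otherwise walk to.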
Fixed versions
All Metabase Cloud instances have been upgraded and are no longer vulnerable.
If you are self-hosted and haven’t already upgraded, please upgrade to the version listed below (or higher) for the major version you run.
- Version 55: v0.55.20 / v1.55.20
- Version 56: v0.56.20 / v1.56.20
- Version 57: v0.57.13 / v1.57.13
- Version 58: v0.58.7 / v1.58.7
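A small check for self-hosted operators who manage several instances. This is an added example, not a Metabase tool: it encodes the fixed point versions from the list above and compares them against a version tag in the `v0.MAJOR.POINT` (OSS) or `v1.MAJOR.POINT` (Enterprise) form Metabase uses. Where you read the tag from is up to you; the sample tags in `main` are constructed, and the check deliberately refuses to guess about tags it cannot parse or major versions the list does not cover.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Added example (not Metabase code): is a given Metabase version tag at or
 * above the fixed point release for its major version?
 */
public class MetabaseFixCheck {

    /** Fixed point version per major version, taken from the advisory's "Fixed versions" list. */
    static final Map<Integer, Integer> FIXED_POINT = Map.of(
        55, 20,
        56, 20,
        57, 13,
        58, 7);

    // Strict match for release tags: edition digit (0 = OSS, 1 = Enterprise), major, point.
    // Anything else (release candidates, custom builds) is reported as unparseable
    // rather than guessed at.
    private static final Pattern TAG = Pattern.compile("^v([01])\\.(\\d+)\\.(\\d+)$");

    enum Status { PATCHED, VULNERABLE, UNLISTED_MAJOR, UNPARSEABLE }

    /** Compare a tag such as "v1.57.12" against the fixed versions table. */
    static Status check(String tag) {
        Matcher m = TAG.matcher(tag.trim());
        if (!m.matches()) {
            return Status.UNPARSEABLE;
        }
        int major = Integer.parseInt(m.group(2));
        int point = Integer.parseInt(m.group(3));
        Integer fixedPoint = FIXED_POINT.get(major);
        if (fixedPoint == null) {
            // Major versions outside 55..58 are not covered by the advisory's list;
            // do not report them as safe.
            return Status.UNLISTED_MAJOR;
        }
        return point >= fixedPoint ? Status.PATCHED : Status.VULNERABLE;
    }

    public static void main(String[] args) {
        // Constructed sample tags; OSS and Enterprise editions share the same numbering.
        String[] samples = { "v0.57.12", "v1.57.13", "v0.58.7", "v1.55.19", "v0.56.21", "v0.54.3", "v1.57" };
        for (String tag : samples) {
            System.out.printf("%-10s %s%n", tag, check(tag));
        }
    }
}
```

Run against the constructed samples, `v0.57.12` and `v1.55.19` come out `VULNERABLE`, `v1.57.13`, `v0.58.7` and `v0.56.21` come out `PATCHED`, `v0.54.3` is `UNLISTED_MAJOR` because the post only lists versions 55 through 58, and `v1.57` is `UNPARSEABLE`. Treat anything other than `PATCHED` as a reason to upgrade or to confirm by hand.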
What are we doing to prevent this in the future?
Along with the fixes we’ve made, we’re working through additional improvements to reduce risk:
- Improving logging around template rendering so that we can audit user-supplied templates and detect unusual behavior.
- Adding a wrapper around database credential access to prevent credential access outside of designated connection establishment paths.
Conclusion
Patches are live across all affected versions, and we have no evidence this vulnerability was exploited before the fix landed. We’re tightening template evaluation, locking down credential access paths, and improving logging to catch unusual behavior early.
If you’re self-hosted and haven’t upgraded already, please upgrade as soon as possible.
Credits
Hat tip to Sho Odagiri from GMO Cybersecurity by Ierae, Inc for discovering and disclosing this vulnerability.
Questions or concerns?
Reach out at support@metabase.com.