NIXPKGS-2026-0911

GitHub issue published on

Permalink CVE-2026-34214

7.7 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

updated 1 week ago by @LeSuisse Activity log

Created automatic suggestion 1 week ago
@LeSuisse removed package python312Packages.trino-python-client 1 week ago
@LeSuisse removed package python313Packages.trino-python-client 1 week ago
@LeSuisse removed package python314Packages.trino-python-client 1 week ago
@LeSuisse accepted 1 week ago
@LeSuisse published on GitHub 1 week ago

Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON

Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials (access key) or vended credentials (temporary access key) are accessible to users that have write privilege on SQL level. This issue has been patched in version 480.

References

https://github.com/trinodb/trino/security/advisories/GHSA-x27p-5f68-m644 x_refsource_CONFIRM
https://github.com/trinodb/trino/releases/tag/480 x_refsource_MISC

Affected products

trino

==>= 439, < 480

Matching in nixpkgs

pkgs.trino-cli

Trino CLI provides a terminal-based, interactive shell for running queries

nixos-unstable 476
- nixpkgs-unstable 476
- nixos-unstable-small 476
nixos-25.11 476
- nixos-25.11-small 476
- nixpkgs-25.11-darwin 476

Package maintainers

@cpcloud Phillip Cloud
@regadas Filipe Regadas <oss@regadas.email>

Advisory: https://github.com/trinodb/trino/security/advisories/GHSA-x27p-5f68-m644

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0911

References

Affected products

Matching in nixpkgs

pkgs.trino-cli

Package maintainers