Metabase Enterprise — serialization import RCE (CVSS 7.2, public PoC)

cve · CVE-2026-33725

Coverage timeline

first 2026-05-07 → last 2026-05-07

Briefs

1 distinct

Sources cited

1 hosts

Sections touched

active_vulns

Co-occurring entities

no co-occurrence

Story timeline

2026-05-07CTI Daily Brief — 2026-05-07
active_vulnsFirst coverage. Admin-authenticated RCE via POST /api/ee/serialization/import; public Python PoC released by Hakai Security; no KEV; fixed in patched versions. [SINGLE-SOURCE-OTHER]

Where this entity is cited

active_vulns1

Source distribution

nvd.nist.gov1 (100%)

External references

NVD · cve.org · CISA KEV

All cited sources (1)

nvd.nist.govprimaryinlineNVDhttps://nvd.nist.gov/vuln/detail/CVE-2026-33725
cited in 2026-05-07

Items in briefs about Metabase Enterprise — serialization import RCE (CVSS 7.2, public PoC)

No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.