Tag
A critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint (CVE-2026-27478), allowing attackers to impersonate any user by forging JWTs with a self-controlled issuer and exchanging them for valid access tokens, granting unauthorized access to catalogs and other resources.