CVE-2026-59827: Metabase H2 Database Java Deserialization RCE Forensic Investigators Must Contain Fast

Metabase disclosed CVE-2026-59827 on 9 July 2026: Metabase instances with an H2 database connection (including the default sample database) deserialize arbitrary Java objects returned in H2 native query result columns. CVSS 3.1 base score is 9.9 CRITICAL with SCOPE CHANGED designation. The vulnerability affects Metabase versions before 1.58.15, 1.59.12, 1.60.6.3 and 1.61.1.4. Sherlock Forensics treats this as a top-priority forensic surface because Metabase deployments concentrate embedded database credentials and historical query results and business metric context in one authenticated plane.

TL;DR and CVE Summary

TL;DR: CVE-2026-59827 (CVSS 9.9 CRITICAL, CWE-502 Deserialization of Untrusted Data). SCOPE CHANGED. Metabase instances with any H2 database connection deserialize attacker-controlled Java objects from query result columns, producing remote code execution in the Metabase JVM. Affects Metabase versions before 1.58.15, 1.59.12, 1.60.6.3 and 1.61.1.4. Fixed in those specific point releases. Vendor advisory published through Metabase Security Bulletin. The H2 default sample database is enabled out of the box on standard Metabase installations and is sufficient to trigger the vulnerability.

What This Vulnerability Actually Is

Per the Metabase Security Bulletin and the NIST National Vulnerability Database primary source, CVE-2026-59827 is a Java deserialization vulnerability in the Metabase H2 database integration. Metabase supports many database backends (PostgreSQL, MySQL, Snowflake, BigQuery, Redshift) and ships with an embedded H2 database that stores the default sample data and is often kept enabled for demo and onboarding purposes. The H2 native query result column type includes Java Object types by design, allowing H2 to return serialized JVM objects as query results. Metabase's result-parsing path deserialized these Java objects without validating the class allowlist, which allows an attacker who can influence the H2 result content to execute arbitrary code in the Metabase JVM.

The NVD CVSS 3.1 vector is AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. Network attack vector reflects that the Metabase web interface is reachable over the network. Low complexity reflects that the deserialization gadget-chain payload is well-documented (ysoserial gadget chains from the Java deserialization ecosystem transfer directly). Low privileges required means any Metabase user with permission to save or execute a query against the H2 database can trigger the exploitation path; on default installations that includes ordinary read-only analyst accounts. SCOPE CHANGED is the load-bearing designation: successful exploitation crosses the Metabase project-permissions boundary and reaches the underlying JVM and operating system context. High confidentiality and high integrity and high availability impact reflects that arbitrary code execution in the Metabase JVM allows total compromise of the Metabase instance and every credential Metabase holds for downstream data sources.

For investigators and defenders the practical translation of the CVSS vector matters. Metabase in most Canadian mid-market deployments holds credentials for the organization's primary data warehouse and operational databases. A compromised Metabase JVM has read access to every credential and can pivot outward to the entire data-warehouse infrastructure. The compromise blast radius extends well beyond the Metabase instance itself. Metabase deployments are commonly exposed at company-controlled DNS (metabase.example.com) with authentication enforced at the Metabase layer; if the H2 database is enabled the vulnerability is exploitable by any authenticated user regardless of their Metabase role permissions.

How an Attacker Would Exploit This

An attacker exploiting this class of vulnerability begins with reconnaissance to confirm the Metabase instance is running an affected version and has the H2 database connection enabled. Metabase version fingerprinting is possible through the /api/session/properties endpoint which returns the software version and enabled feature flags. H2 database presence is inferable from the default database listing endpoint. Modern attacker tooling (Shodan queries for "Metabase" title tag, Censys Metabase-specific scans) inventories every reachable Metabase instance before targeting specific hosts.

Once the attacker confirms a target the exploitation path uses a Java deserialization gadget chain (typical ysoserial payloads: CommonsCollections1 through CommonsCollections11, Rome, JBoss chains). The attacker crafts an H2 native query that returns a Java Object column populated with the serialized gadget-chain payload. On query execution Metabase deserializes the payload into JVM object graph and invokes the gadget-chain side effects producing arbitrary command execution in the Metabase JVM user context.

This explanation is provided for defensive context. Sherlock Forensics does not publish weaponized proof-of-concept code. The exploitation path explanation is what defenders need to design detection rules and understand the attack surface; the precise weaponized payload belongs in vendor-coordinated disclosure and security research channels not in public-facing forensic analysis content. Where public exploit code does exist in the Metabase security disclosure the defender review pathway is the linked Metabase Security Bulletin and the reference exploit demonstrations published in the standard security research repositories.

Why This Is a Forensic Investigation Surface

The Sherlock Forensics perspective treats CVE-2026-59827 as a high-priority forensic surface for three reasons. First, Metabase deployment prevalence: Metabase is one of the most widely-deployed open-source business intelligence platforms in Canadian mid-market and is the default self-hosted BI choice for startups and small-to-mid enterprise IT teams. The affected population is large. Second, credential concentration: Metabase instances typically hold read credentials for the primary data warehouse and operational databases and data lake infrastructure. A compromised Metabase equals compromised credentials to every downstream data source. Third, historical query context: Metabase stores executed query history and dashboard configurations and user activity logs which reveal the exact data the business considers valuable. For an attacker preparing follow-on exfiltration Metabase's query history is a targeting roadmap.

For an investigation of suspected Metabase compromise the standard playbook covers the Metabase application logs and the H2 database file and the JVM heap and the operating system layer beneath the JVM. The Sherlock incident response engagement page documents the BI platform compromise investigation methodology including credential rotation planning and downstream data-source access audit that scoping the blast radius requires.

Detection: What Investigators Should Look For

The forensic question is whether the Metabase instance was reachable during the vulnerable window and whether any authenticated user session exhibited activity consistent with H2 native query exploitation. Metabase application logs at info verbosity capture query submission events including the query text and the user identity and the timestamp. Anomalous patterns include native queries against the H2 database from accounts that do not normally use the H2 sample database, native queries containing serialized Java object markers (base64-encoded strings starting with rO0AB) and queries whose execution triggered errors in the deserialization path.

The Metabase audit trail records every user login and query save and dashboard modification. Cross-correlating the audit trail against application log entries narrows the investigation to specific user sessions. The JVM heap at time of incident may contain remnants of deserialization gadget-chain execution which can be recovered through JVM heap dump capture during acquisition and subsequent offline analysis. The operating system layer beneath the JVM captures the process spawns and network connections that follow arbitrary code execution; Linux systemd-journald and auditd or Windows Sysmon capture the shell processes and network calls the attacker payload initiates.

Detection Signature

The following Sigma rule covers the H2 Java deserialization exploitation pattern as it commonly appears in Metabase application logs. Adapt the logsource and field names to your specific stack. For non-Metabase Java deserialization vulnerabilities the same logic translates to the corresponding application-tier log shape.

title: Metabase H2 Java Deserialization Payload Indicators
id: metabase-cve-2026-59827-sigma-rule
status: experimental
description: Detects likely CVE-2026-59827 exploitation via H2 native query result deserialization payloads in Metabase application logs
references:
  - https://cwe.mitre.org/data/definitions/502.html
logsource:
  product: metabase
  category: application
detection:
  selection_query_pattern:
    query_text|contains:
      - "rO0AB"
      - "CommonsCollections"
      - "ysoserial"
      - "gadget"
    database_engine: "h2"
  selection_error:
    error_message|contains:
      - "deserialization"
      - "readObject"
      - "ObjectInputStream"
  condition: selection_query_pattern or selection_error
falsepositives:
  - Legitimate serialized-object query results in enterprise BI dashboards
  - Security scanner activity
level: high

Mitigation and Patch Guidance

The vendor remediation path for CVE-2026-59827 is upgrading Metabase to the fixed version applicable to the deployed release train (1.58.15 or 1.59.12 or 1.60.6.3 or 1.61.1.4 depending on your channel). Apply the vendor patch through the normal change management process. For organizations that cannot patch immediately the compensating control is to disable the H2 database connection entirely. Metabase administrators can remove the H2 sample database through the admin panel and verify no other H2 connections are configured. This eliminates the exploitation surface pending patch deployment.

After patch deployment the verification step confirms the affected version has been replaced with the fixed version. The verification command depends on the deployment: Docker containers show the version in the container image tag or through the /api/session/properties endpoint; JAR-based deployments show the version in the JAR filename and the /api/session/properties endpoint. For network-exposed Metabase instances a direct probe of the /api/session/properties endpoint and review of the returned version field can confirm patch deployment in production. Document the verification result as part of the remediation record.

The second-order remediation step that many organizations miss is rotating downstream database credentials that Metabase held during the vulnerable window. The patch closes the deserialization vector but does not invalidate credentials that may have been extracted during the vulnerable period. Production database read credentials, data warehouse credentials and any API tokens embedded in Metabase configuration all need rotation as part of the response timeline. The rotation blast radius often spans the organization's primary data plane so change management coordination matters.

References and Further Reading

For Canadian organizations operating under PIPEDA or provincial-equivalent privacy frameworks an incident that involves exploitation of CVE-2026-59827 may carry breach notification obligations depending on the data exposed via downstream credential access. The Sherlock PIPEDA Section 4.7 Compliance Deep Dive covers the notification framework. For incident response engagement support the Sherlock services page documents the methodology Sherlock applies to BI platform compromise investigations including the credential rotation and downstream access audit scope.