Iceberg REST catalog credentials leak via Trino query JSON
TL;DR — Trino’s Iceberg REST catalog connector can expose object-storage access keys in query JSON, letting low-privilege query writers retrieve credentials via the UI/API and potentially access underlying data.
What happened
Trino is a distributed SQL query engine commonly used as a shared analytics platform. The io.trino:trino-iceberg connector integrates Trino with Apache Iceberg tables; when using an Iceberg REST catalog, the connector typically needs credentials to access backing object storage (e.g., S3).
CVE-2026-34214 reports that static credentials (access keys) or vended temporary credentials used by the Iceberg REST catalog path can be serialized into query JSON as part of query plans/handles for Iceberg writes and maintenance operations. A user who submitted the query can access query JSON via Trino UI or API endpoints (including /ui/api/query/<query_id> and /v1/query/<query_id>), and users with SQL write privileges can retrieve these credentials.
Credential exposure via “debug” or “observability” surfaces is a recurring failure mode in multi-tenant data platforms: the UI/API meant for troubleshooting becomes an unintended secrets distribution channel.
Who is impacted
- Trino deployments using the Iceberg connector (io.trino:trino-iceberg) with an Iceberg REST catalog configured with static or vended object-storage credentials.
- Environments where users with SQL write privileges can submit Iceberg write/maintenance operations and then access query JSON for those queries.
| Component | Affected versions (per advisory) | Fixed (per advisory) |
|---|---|---|
| io.trino:trino-iceberg | >= 439 and < 480 | 480 |
What to do now
- Follow vendor remediation guidance and apply a release that includes the fix (the advisory lists 480 as the first fixed version).
- Treat any exposed static object-storage credentials as compromised; the advisory states: "The credentials should be considered compromised."
- Use the advisory's guidance on temporary creds when assessing blast radius: "Vended credentials are temporary in nature so they do not need to be rotated."
- Incident-response posture for shared Trino clusters:
- Review access to query JSON endpoints and Trino UI permissions in environments with untrusted/semi-trusted query authors.
- Audit object-storage access logs for suspicious access correlated to Trino users/roles that had Iceberg write privileges.
- Re-scope and least-privilege the storage credentials used by the Iceberg REST catalog (especially long-lived static keys) to limit exposure if query JSON was accessed.
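The two incident-response steps above (reviewing who fetched query JSON, and confirming that a patched cluster no longer serializes storage credentials into it) can be scripted. The following is an added example written for this summary; it is not code from the advisory or from the Trino project. The access-log layout and the query-JSON structure embedded below are constructed for illustration: real Trino HTTP logs and plan JSON are laid out differently, so adjust the regexes and run the scanner against JSON fetched from your own cluster.

```python
"""Defender-side checks for the query-JSON credential exposure scenario.

find_query_json_accesses(): extract (user, query_id, endpoint) for successful
fetches of the two endpoints the advisory names, so the set of users who pulled
query JSON during the vulnerable window can be scoped for credential rotation.

find_secret_like_fields(): walk a query-JSON document and report key paths whose
names look like credentials, to verify that a fixed build no longer emits them.
"""
from __future__ import annotations

import json
import re
from typing import Any, Iterable

# Constructed access-log layout: <timestamp> <user> "<method> <path> HTTP/1.1" <status>
ACCESS_LINE = re.compile(r'^(?P<ts>\S+)\s+(?P<user>\S+)\s+"(?P<req>[^"]*)"\s+(?P<status>\d{3})')
# The query-JSON endpoints named in the advisory; the query id stops at '?', '/' or whitespace.
QUERY_JSON_REQ = re.compile(r"^(?:GET|POST)\s+(?P<path>/(?:ui/api|v1)/query/(?P<qid>[^\s?/]+))")
# Key names that usually carry a credential; broad on purpose, review hits by hand.
SECRET_KEY = re.compile(r"secret|access[-_]?key|session[-_]?token|password|credential", re.I)


def find_query_json_accesses(lines: Iterable[str]) -> list[tuple[str, str, str]]:
    """Return (user, query_id, path) for every HTTP 200 fetch of query JSON."""
    hits: list[tuple[str, str, str]] = []
    for line in lines:
        m = ACCESS_LINE.match(line)
        if not m or m.group("status") != "200":
            continue  # malformed line or a denied/failed request
        r = QUERY_JSON_REQ.match(m.group("req"))
        if r:
            hits.append((m.group("user"), r.group("qid"), r.group("path")))
    return hits


def find_secret_like_fields(doc: Any, path: str = "$") -> list[str]:
    """Return JSONPath-style locations of non-empty string values under secret-looking keys."""
    found: list[str] = []
    if isinstance(doc, dict):
        for key, value in doc.items():
            here = f"{path}.{key}"
            if SECRET_KEY.search(str(key)) and isinstance(value, str) and value:
                found.append(here)
            found.extend(find_secret_like_fields(value, here))
    elif isinstance(doc, list):
        for i, value in enumerate(doc):
            found.extend(find_secret_like_fields(value, f"{path}[{i}]"))
    return found


# Constructed sample log: one denied fetch (403), one fetch with a query string,
# and one list request without a query id, which must not be counted.
SAMPLE_LOG = """\
2026-04-01T10:00:01Z alice "POST /v1/statement HTTP/1.1" 200
2026-04-01T10:00:05Z alice "GET /v1/query/20260401_100001_00001_abcde HTTP/1.1" 200
2026-04-01T10:00:09Z bob "GET /ui/api/query/20260401_100001_00001_abcde HTTP/1.1" 403
2026-04-01T10:01:00Z bob "GET /ui/api/query/20260401_100030_00002_fghij?pretty=true HTTP/1.1" 200
2026-04-01T10:02:00Z carol "GET /ui/api/query HTTP/1.1" 200
""".splitlines()

# Constructed query JSON (not Trino's real schema) with placeholder, non-functional key material.
SAMPLE_QUERY_JSON = json.loads("""
{
  "queryId": "20260401_100001_00001_abcde",
  "session": {"user": "alice", "catalog": "iceberg"},
  "outputStage": {
    "plan": {
      "table": {
        "catalogHandle": "iceberg",
        "connectorHandle": {
          "schemaName": "sales",
          "tableName": "orders",
          "fileIoProperties": {
            "s3.access-key-id": "AKIACONSTRUCTEDEXAMPLE",
            "s3.secret-access-key": "constructed-not-a-real-secret",
            "s3.region": "us-east-1"
          }
        }
      }
    }
  }
}
""")

if __name__ == "__main__":
    for user, qid, path in find_query_json_accesses(SAMPLE_LOG):
        print(f"user={user} fetched query JSON for {qid} via {path}")
    for location in find_secret_like_fields(SAMPLE_QUERY_JSON):
        print(f"credential-shaped field present: {location}")
```

Run the first function over the coordinator's HTTP access logs for the window in which an affected version was deployed, then intersect the users it returns with the set that held Iceberg write privileges; that intersection is the population whose fetched query JSON may have carried static keys. Run the second function against query JSON for an Iceberg write on the upgraded cluster; an empty result is the expected outcome after the fix, and any hit is worth a manual look before declaring the rotation complete.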
Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly; send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.
