CVSS 3.1 Score 9.8 of 10 (high)


Published Jul 21, 2023
Updated: Feb 15, 2024
CWE ID 287


CVE-2023-38646, also known as "Pre-Auth RCE in Metabase," is a critical vulnerability affecting Metabase open source versions before and Metabase Enterprise versions before This vulnerability allows attackers to execute arbitrary commands on the server without authentication, posing a high potential danger to organizations. The affected products include various sLuxex, sLuxe-, rcgtm, aUpGU, mZ88, ksSgr, YgpwJQ, and ooozM series. To remediate this vulnerability, organizations should update their Metabase installations to the fixed versions which include,,,,, and 1.43.7.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-38646 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options