{
  "entrypoint_kind": "endpoint",
  "entrypoint_detail": "POST /api/ee/database-routing/destination-database with an H2 connection property containing semicolon-escaped SQL, followed by POST /api/dataset to force the persisted destination connection",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "docker",
    "metabase-enterprise",
    "h2"
  ],
  "proof_artifacts": [
    "logs/reproduction_steps.log",
    "logs/vulnerable_metabase.log",
    "logs/fixed_metabase.log",
    "logs/vuln_attempt_1_api.request.json",
    "logs/vuln_attempt_1_api.response.json",
    "logs/vuln_attempt_1_api.query_response.json",
    "logs/vuln_attempt_2_api.request.json",
    "logs/vuln_attempt_2_api.response.json",
    "logs/vuln_attempt_2_api.query_response.json",
    "logs/fixed_attempt_1_api.request.json",
    "logs/fixed_attempt_1_api.response.json",
    "logs/fixed_attempt_2_api.request.json",
    "logs/fixed_attempt_2_api.response.json",
    "artifacts/metabase-cve-2026-59826/vuln_attempt_1_marker.txt",
    "artifacts/metabase-cve-2026-59826/vuln_attempt_2_marker.txt"
  ],
  "notes": "Confirmed: vulnerable Metabase Enterprise v1.61.1 accepts and later executes malicious H2 connection property SQL persisted through /api/ee/database-routing/destination-database in two attempts; fixed v1.61.2 rejects the same payload before persistence/execution."
}
