{
  "entrypoint_kind": "endpoint",
  "entrypoint_detail": "Bounded variant checks against POST /api/database and POST /api/ee/serialization/import, with a probe for /api/ee/advanced-config availability, using the same unsafe H2 escaped-semicolon connection-string sink as CVE-2026-59826",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "docker",
    "metabase-enterprise",
    "h2"
  ],
  "proof_artifacts": [
    "logs/vuln_variant/reproduction_steps.log",
    "logs/vuln_variant/vuln_metabase.log",
    "logs/vuln_variant/fixed_metabase.log",
    "logs/vuln_variant/vuln_database_create.request.json",
    "logs/vuln_variant/vuln_database_create.response.json",
    "logs/vuln_variant/fixed_database_create.request.json",
    "logs/vuln_variant/fixed_database_create.response.json",
    "logs/vuln_variant/vuln_serialization_import.response.txt",
    "logs/vuln_variant/fixed_serialization_import.response.txt",
    "logs/vuln_variant/vuln_advanced_config_probe.response.txt",
    "logs/vuln_variant/fixed_advanced_config_probe.response.txt",
    "logs/vuln_variant/source_versions.txt"
  ],
  "notes": "No distinct bypass confirmed: tested normal database creation and serialization import on vulnerable v1.61.1 and fixed v1.61.2; fixed marker=false, vulnerable marker=false."
}
