Metabase announced a patch release for a critical vulnerability a little over a week ago: <a href="https://www.metabase.com/blog/security-advisory" rel="nofollow noreferrer">https://www.metabase.com/blog/security-advisory</a><p>Today they have announced further, related vulnerabilities, and if you're running your own instance you should patch again, or disable your instance until you have a chance to do so.<p>The vulnerabilities allow an unauthenticated attacker to run arbitrary commands with the same privileges as the Metabase server on the server you are running Metabase on. This would allow arbitrary querying of any database that Metabase is connected to.