critical advisory

SciTokens KeyCache SQL Injection Vulnerability (CVE-2026-32714)

A SQL injection vulnerability exists in SciTokens versions before 1.9.6, allowing attackers to execute arbitrary SQL commands via the KeyCache class by manipulating user-supplied data used in SQL query construction.

SciTokens is a reference library for generating and using SciTokens. A critical SQL injection vulnerability, identified as CVE-2026-32714, affects SciTokens versions prior to 1.9.6. The vulnerability resides in the KeyCache class, which uses Python’s str.format() to splice values into SQL query strings. Because user-supplied data, such as the issuer and key_id parameters, is inserted into the query text rather than bound as parameters, an attacker can inject arbitrary SQL commands during interactions with the local SQLite…
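The bug class described above, shown as an added illustration that is not SciTokens' own code: a lookup built with str.format() beside the same lookup using sqlite3 parameter binding, run against a constructed in-memory table. The table schema, the function names and the sample rows are assumptions made for the demonstration; they are not the real KeyCache schema.

```python
import sqlite3


def make_cache():
    # Constructed stand-in for a local key cache (not the SciTokens schema).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE keycache (issuer TEXT, key_id TEXT, keydata TEXT)")
    conn.executemany(
        "INSERT INTO keycache VALUES (?, ?, ?)",
        [
            ("https://issuer-a.example", "kid1", "KEY-A"),
            ("https://issuer-b.example", "kid2", "KEY-B"),
        ],
    )
    return conn


def lookup_unsafe(conn, issuer, key_id):
    # Vulnerable pattern: caller-controlled strings are spliced into the SQL
    # text with str.format(), so quotes in the input change the query's meaning.
    query = (
        "SELECT keydata FROM keycache WHERE issuer = '{}' AND key_id = '{}'"
    ).format(issuer, key_id)
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, issuer, key_id):
    # Hardened pattern: the SQL text is fixed and the values are handed to
    # SQLite as bound parameters, so they are only ever compared as data.
    query = "SELECT keydata FROM keycache WHERE issuer = ? AND key_id = ?"
    return [row[0] for row in conn.execute(query, (issuer, key_id))]


def compare(issuer, key_id):
    # Run both variants on the same input so the difference is visible.
    conn = make_cache()
    return {
        "unsafe": sorted(lookup_unsafe(conn, issuer, key_id)),
        "safe": sorted(lookup_safe(conn, issuer, key_id)),
    }


if __name__ == "__main__":
    print(compare("https://issuer-a.example", "kid1"))
    # A constructed value containing a quote: the formatted query returns every
    # row, the parameterized query returns none because no issuer matches it.
    print(compare("x' OR '1'='1", "x' OR '1'='1"))
```

The well-formed lookup returns the same single key from both functions; a value containing a quote character makes the formatted query match every row while the bound-parameter query matches nothing. Reviewing code for str.format(), f-strings or `%` applied to SQL text, and replacing each with the driver's placeholder syntax, is the direct remediation for this class of defect.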

Detection coverage (2 rules)

Detect Suspicious Processes Accessing SQLite Databases

medium

Detects processes that are not typically associated with SQLite database access and may indicate exploitation of CVE-2026-32714

Rule format: Sigma. Tactics: execution. Techniques: T1202. Sources: process_creation, windows.

Detect SciTokens process with SQL injection attempt

high

Detects potential SQL injection attempts in SciTokens by monitoring command line parameters of python processes related to SciTokens.

Rule format: Sigma. Tactics: execution. Techniques: T1505. Sources: process_creation, linux.
