{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/sqlfluff--4.1.0/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["sqlfluff (\u003c 4.1.0)"],"_cs_severities":["high"],"_cs_tags":["dos","sqlfluff","CVE-2026-46373"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eSQLFluff versions prior to 4.1.0 are vulnerable to a denial-of-service (DoS) attack (CVE-2026-46373) stemming from a recursive stack overflow in the parser. This vulnerability occurs when an untrusted user submits a malicious SQL query containing excessive nesting. The excessive nesting leads to unbounded recursion during parsing, which exhausts system resources and results in a DoS condition. The Imperva Threat Research Team discovered and reported this vulnerability. SQLFluff is commonly used for linting SQL queries, and deployments that allow untrusted users to submit SQL queries for linting are particularly at risk. Version 4.1.0 and later contain a configurable recursion limit, enabled by default, which effectively mitigates this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a target application that utilizes SQLFluff for SQL query linting and accepts user-provided SQL queries.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious SQL query with deliberate, excessive nesting of SQL constructs (e.g., nested SELECT statements, subqueries, or deeply nested expressions).\u003c/li\u003e\n\u003cli\u003eThe attacker submits the crafted SQL query to the target application.\u003c/li\u003e\n\u003cli\u003eThe target application passes the SQL query to SQLFluff for linting.\u003c/li\u003e\n\u003cli\u003eSQLFluff\u0026rsquo;s parser attempts to parse the deeply nested SQL query, leading to uncontrolled recursion.\u003c/li\u003e\n\u003cli\u003eThe recursion consumes excessive stack memory and CPU resources.\u003c/li\u003e\n\u003cli\u003eThe application\u0026rsquo;s resources become exhausted, leading to a denial-of-service condition.\u003c/li\u003e\n\u003cli\u003eThe target application becomes unresponsive or crashes, impacting availability for legitimate users.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability results in a denial-of-service condition, rendering the target application unresponsive or unavailable. The severity of the impact depends on the criticality of the affected application and the scale of its user base. While the number of victims is unknown, any system using affected versions of SQLFluff and processing untrusted queries could be impacted. This affects systems where users can supply SQL queries for testing or linting.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade SQLFluff to version 4.1.0 or later to benefit from the implemented recursion limit, mitigating CVE-2026-46373.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures to limit the complexity and depth of user-supplied SQL queries, even if SQLFluff is upgraded.\u003c/li\u003e\n\u003cli\u003eMonitor CPU and memory usage of systems running SQLFluff to detect potential DoS attacks. Deploy the Sigma rule \u003ccode\u003eDetect SQLFluff Excessive Recursion Attempt\u003c/code\u003e to identify suspicious command execution patterns.\u003c/li\u003e\n\u003cli\u003eIf upgrading is not immediately feasible, consider implementing a rate-limiting mechanism to restrict the number of SQL query submissions from a single user or IP address within a specific timeframe.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-19T20:10:45Z","date_published":"2026-05-19T20:10:45Z","id":"https://feed.craftedsignal.io/briefs/2026-05-sqlfluff-dos/","summary":"A maliciously crafted SQL query with excessive nesting can cause a denial of service by exhausting resources when parsed by SQLFluff versions prior to 4.1.0; version 4.1.0 introduces a configurable recursion limit to mitigate this vulnerability.","title":"SQLFluff Recursive Stack Overflow Vulnerability (CVE-2026-46373)","url":"https://feed.craftedsignal.io/briefs/2026-05-sqlfluff-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Sqlfluff (\u003c 4.1.0)","version":"https://jsonfeed.org/version/1.1"}