https://feed.craftedsignal.io/tags/cve-2026-32714/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 31 Mar 2026 03:15:55 +0000https://feed.craftedsignal.io/briefs/2026-03-scitokens-sqli/Tue, 31 Mar 2026 03:15:55 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-scitokens-sqli/A SQL injection vulnerability exists in SciTokens versions before 1.9.6, allowing attackers to execute arbitrary SQL commands via the KeyCache class by manipulating user-supplied data used in SQL query construction.SciTokens is a reference library for generating and using SciTokens. A critical SQL injection vulnerability, identified as CVE-2026-32714, affects SciTokens versions prior to 1.9.6. The vulnerability resides within the KeyCache class, which improperly utilizes Python’s str.format() to construct SQL queries. This allows an attacker to inject arbitrary SQL commands by manipulating user-supplied data, such as the issuer and key_id parameters, during interactions with the local SQLite…

]]>criticaladvisorysql-injectionscitokenscve-2026-32714web-application