{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-33442/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["sql-injection","kysely","cve-2026-33442"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eKysely, a type-safe TypeScript SQL query builder, is susceptible to a SQL injection vulnerability identified as CVE-2026-33442. The vulnerability resides in the \u003ccode\u003esanitizeStringLiteral\u003c/code\u003e method of the query compiler within versions 0.28.12 and 0.28.13. The method inadequately handles backslashes, failing to escape them, while properly escaping single quotes. On MySQL servers configured with the default \u003ccode\u003eBACKSLASH_ESCAPES\u003c/code\u003e SQL mode enabled, this oversight allows an attacker to inject a backslash…\u003c/p\u003e\n","date_modified":"2026-03-26T17:16:40Z","date_published":"2026-03-26T17:16:40Z","id":"/briefs/2026-03-kysely-sql-injection/","summary":"Kysely versions 0.28.12 and 0.28.13 are vulnerable to SQL injection due to insufficient escaping of backslashes in the `sanitizeStringLiteral` method, potentially leading to arbitrary SQL execution on MySQL servers.","title":"SQL Injection Vulnerability in Kysely TypeScript Library (CVE-2026-33442)","url":"https://feed.craftedsignal.io/briefs/2026-03-kysely-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-33442","version":"https://jsonfeed.org/version/1.1"}