https://feed.craftedsignal.io/tags/cve-2026-33442/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioThu, 26 Mar 2026 17:16:40 +0000https://feed.craftedsignal.io/briefs/2026-03-kysely-sql-injection/Thu, 26 Mar 2026 17:16:40 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-kysely-sql-injection/Kysely versions 0.28.12 and 0.28.13 are vulnerable to SQL injection due to insufficient escaping of backslashes in the `sanitizeStringLiteral` method, potentially leading to arbitrary SQL execution on MySQL servers.Kysely, a type-safe TypeScript SQL query builder, is susceptible to a SQL injection vulnerability identified as CVE-2026-33442. The vulnerability resides in the sanitizeStringLiteral method of the query compiler within versions 0.28.12 and 0.28.13. The method inadequately handles backslashes, failing to escape them, while properly escaping single quotes. On MySQL servers configured with the default BACKSLASH_ESCAPES SQL mode enabled, this oversight allows an attacker to inject a backslash…

]]>highadvisorysql-injectionkyselycve-2026-33442