Tag
An authenticated user can achieve remote code execution in DIRAC's FileCatalog DatasetManager due to an SQL injection vulnerability (CVE-2026-61667) that allows manipulation of query results passed to an `eval` function, leading to full system compromise.