{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/erupt/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["sql-injection","vulnerability","erupt"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA SQL injection vulnerability, identified as CVE-2026-4594, has been discovered in the erupts erupt framework, affecting versions up to 1.13.3. The vulnerability resides within the \u003ccode\u003egeneEruptHqlOrderBy\u003c/code\u003e function in the \u003ccode\u003eerupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java\u003c/code\u003e file. Attackers can remotely exploit this flaw by manipulating the \u003ccode\u003esort.field\u003c/code\u003e argument, leading to arbitrary SQL command execution within the Hibernate framework. Public exploit code is available…\u003c/p\u003e\n","date_modified":"2026-03-23T18:16:26Z","date_published":"2026-03-23T18:16:26Z","id":"/briefs/2024-01-02-erupt-sql-injection/","summary":"A SQL injection vulnerability (CVE-2026-4594) exists in erupts erupt up to version 1.13.3, allowing remote attackers to execute arbitrary SQL commands by manipulating the sort.field argument in the geneEruptHqlOrderBy function.","title":"Erupt Framework SQL Injection Vulnerability (CVE-2026-4594)","url":"https://feed.craftedsignal.io/briefs/2024-01-02-erupt-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Erupt","version":"https://jsonfeed.org/version/1.1"}