{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/injection/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-7551"}],"_cs_exploited":false,"_cs_products":["OpenHarness"],"_cs_severities":["critical"],"_cs_tags":["rce","vulnerability","injection"],"_cs_type":"advisory","_cs_vendors":["HKUDS"],"content_html":"\u003cp\u003eHKUDS OpenHarness is vulnerable to a remote code execution flaw (CVE-2026-7551) affecting the /bridge slash command. This vulnerability permits remote attackers, who are authorized by the OpenHarness configuration, to execute arbitrary operating system commands on the host system. The attack leverages the /bridge spawn command, which, when supplied with attacker-controlled command text, is processed by the bridge session manager and executed through a shared shell subprocess. This execution context grants attackers the ability to spawn shell sessions with the privileges of the OpenHarness process user, potentially exposing local files, credentials, workspace state, and repository contents. Successful exploitation results in a complete compromise of the OpenHarness instance.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies an accessible OpenHarness instance with the vulnerable /bridge slash command enabled.\u003c/li\u003e\n\u003cli\u003eThe attacker authenticates or gains access to a communication channel (e.g., chat application) accepted by OpenHarness.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious /bridge spawn command containing OS commands to be executed.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted /bridge spawn command to the OpenHarness instance via the configured communication channel.\u003c/li\u003e\n\u003cli\u003eOpenHarness processes the /bridge command and forwards the attacker-controlled command text to the bridge session manager.\u003c/li\u003e\n\u003cli\u003eThe bridge session manager executes the injected OS commands through a shared shell subprocess.\u003c/li\u003e\n\u003cli\u003eThe attacker gains a shell session with the privileges of the OpenHarness process user.\u003c/li\u003e\n\u003cli\u003eThe attacker accesses local files, credentials, workspace state, and repository contents, potentially exfiltrating sensitive data or establishing persistence.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7551 allows attackers to execute arbitrary operating system commands on the OpenHarness server. This grants them the ability to spawn shell sessions as the OpenHarness process user, which can lead to the exposure of sensitive information such as local files, credentials, workspace state, and repository contents. The impact of this vulnerability is significant, potentially allowing for complete system compromise and data exfiltration, but the exact number of victims is currently unknown.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches or updates provided by HKUDS to address CVE-2026-7551 on all OpenHarness instances.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on the /bridge slash command to prevent the injection of malicious OS commands.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for suspicious shell executions originating from the OpenHarness process using the provided Sigma rule.\u003c/li\u003e\n\u003cli\u003eRestrict network access to the OpenHarness server to only authorized users and systems.\u003c/li\u003e\n\u003cli\u003eReview OpenHarness configurations to ensure that only trusted communication channels are accepted.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-30T22:17:40Z","date_published":"2026-04-30T22:17:40Z","id":"/briefs/2026-05-openharness-rce/","summary":"HKUDS OpenHarness contains a remote code execution vulnerability (CVE-2026-7551) in the /bridge slash command, allowing remote attackers to execute arbitrary operating system commands by injecting malicious commands via the /bridge spawn command, leading to unauthorized shell access and data exposure.","title":"HKUDS OpenHarness Remote Code Execution via /bridge Slash Command (CVE-2026-7551)","url":"https://feed.craftedsignal.io/briefs/2026-05-openharness-rce/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["sqli","dagster","injection"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA SQL injection vulnerability has been identified in Dagster\u0026rsquo;s I/O managers for DuckDB, Snowflake, BigQuery, and DeltaLake. The vulnerability stems from the construction of SQL WHERE clauses where dynamic partition key values are interpolated into queries without proper escaping. This allows an attacker with the \u003ccode\u003eAdd Dynamic Partitions\u003c/code\u003e permission to inject arbitrary SQL code. The injected SQL would then execute against the target database backend using the I/O manager\u0026rsquo;s credentials. This issue affects Dagster OSS versions up to 1.13.0, and dagster-* package versions up to 0.29.0. This vulnerability is most relevant when the \u003ccode\u003eAdd Dynamic Partitions\u003c/code\u003e permission is granted independently of broader database access, such as in multi-tenant or custom RBAC configurations.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains access to the Dagster API with the \u003ccode\u003eAdd Dynamic Partitions\u003c/code\u003e permission. This could be through compromised credentials or a misconfigured RBAC setup.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious dynamic partition key containing SQL injection payloads.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the Dagster API to create a new dynamic partition or modify an existing one, injecting the malicious key.\u003c/li\u003e\n\u003cli\u003eA Dagster pipeline or asset execution is triggered that utilizes the dynamic partitions functionality and the vulnerable I/O manager.\u003c/li\u003e\n\u003cli\u003eWhen the I/O manager constructs the SQL query, the malicious partition key is interpolated without proper escaping.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code is executed against the target database (DuckDB, Snowflake, BigQuery, or DeltaLake) using the I/O manager\u0026rsquo;s credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker can read sensitive data, modify existing data, or potentially escalate privileges within the database.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves their final objective, such as exfiltrating data or compromising the database\u0026rsquo;s integrity.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability can lead to unauthorized access and modification of data within the affected databases. The impact is particularly high in deployments where the \u003ccode\u003eAdd Dynamic Partitions\u003c/code\u003e permission is granted to users without broader database access. This vulnerability could allow attackers to bypass intended access controls and potentially gain full control of the database, leading to data breaches, data corruption, or denial of service. The number of affected deployments is currently unknown, but organizations using Dagster with dynamic partitions should assess their exposure.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade all \u003ccode\u003edagster-*\u003c/code\u003e packages (dagster-duckdb, dagster-snowflake, dagster-gcp, dagster-deltalake, dagster-snowflake-polars) to versions greater than 0.29.0 and \u003ccode\u003edagster\u003c/code\u003e package to versions greater than 1.13.0 as outlined in the advisory to remediate the vulnerability.\u003c/li\u003e\n\u003cli\u003eReview user roles and permissions within Dagster, specifically focusing on who has the \u003ccode\u003eAdd Dynamic Partitions\u003c/code\u003e permission, and restrict access to only trusted users to reduce the attack surface.\u003c/li\u003e\n\u003cli\u003eMonitor Dagster logs for suspicious API requests related to the creation or modification of dynamic partitions to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement database auditing to track SQL queries executed by the I/O manager and identify potential SQL injection attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-18T01:07:59Z","date_published":"2026-04-18T01:07:59Z","id":"/briefs/2024-01-02-dagster-sqli/","summary":"A SQL injection vulnerability exists in Dagster's DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers, where a user with 'Add Dynamic Partitions' permission can inject arbitrary SQL due to improper escaping of dynamic partition key values, leading to unauthorized data access or modification.","title":"Dagster SQL Injection Vulnerability in Dynamic Partition Keys","url":"https://feed.craftedsignal.io/briefs/2024-01-02-dagster-sqli/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5827"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["sqli","web-application","injection"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA SQL injection vulnerability, identified as CVE-2026-5827, affects code-projects Simple IT Discussion Forum version 1.0. The vulnerability resides in the \u003ccode\u003e/question-function.php\u003c/code\u003e file and is triggered by manipulating the \u003ccode\u003econtent\u003c/code\u003e argument. Successful exploitation allows a remote attacker to inject arbitrary SQL commands, potentially leading to data exfiltration, modification, or complete system compromise. This vulnerability is considered high risk due to its ease of exploitation and the sensitive nature of data often stored in forum databases. The exploit is publicly available, increasing the likelihood of widespread exploitation. Defenders should prioritize patching and implementing mitigations to prevent potential attacks against vulnerable Simple IT Discussion Forum instances.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable Simple IT Discussion Forum 1.0 instance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting \u003ccode\u003e/question-function.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe crafted request includes a SQL injection payload within the \u003ccode\u003econtent\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eThe application fails to properly sanitize the input, passing the malicious SQL query to the database.\u003c/li\u003e\n\u003cli\u003eThe database executes the injected SQL code.\u003c/li\u003e\n\u003cli\u003eThe attacker can extract sensitive data, such as user credentials or forum content.\u003c/li\u003e\n\u003cli\u003eThe attacker may modify data within the database, altering forum posts or user profiles.\u003c/li\u003e\n\u003cli\u003eIn a worst-case scenario, the attacker gains complete control of the database server.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability can have severe consequences. An attacker can gain unauthorized access to sensitive data, including user credentials, private messages, and other confidential information stored within the Simple IT Discussion Forum database. This can lead to identity theft, financial fraud, and reputational damage. Furthermore, attackers can modify or delete data, disrupt forum operations, or even gain complete control of the underlying server. Given the public availability of the exploit, unpatched instances are at significant risk of compromise.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply any available patches or updates for code-projects Simple IT Discussion Forum 1.0 to address CVE-2026-5827.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on the \u003ccode\u003e/question-function.php\u003c/code\u003e file to prevent SQL injection attacks, specifically targeting the \u003ccode\u003econtent\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eDeploy a web application firewall (WAF) with rules to detect and block SQL injection attempts against \u003ccode\u003e/question-function.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity, such as unusual characters or SQL keywords in the \u003ccode\u003econtent\u003c/code\u003e parameter of requests to \u003ccode\u003e/question-function.php\u003c/code\u003e. Enable webserver logging to activate the rules below.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect SQL injection attempts in web server logs.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-09T01:16:50Z","date_published":"2026-04-09T01:16:50Z","id":"/briefs/2026-04-simple-it-forum-sqli/","summary":"CVE-2026-5827 is a SQL injection vulnerability in code-projects Simple IT Discussion Forum 1.0, allowing remote attackers to execute arbitrary SQL commands by manipulating the 'content' argument in /question-function.php.","title":"Simple IT Discussion Forum SQL Injection Vulnerability (CVE-2026-5827)","url":"https://feed.craftedsignal.io/briefs/2026-04-simple-it-forum-sqli/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-34714","code-execution","vim","injection"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eVim, a widely used text editor, is susceptible to a critical vulnerability (CVE-2026-34714) affecting versions prior to 9.2.0272. This flaw allows for arbitrary code execution simply by opening a malicious file. The vulnerability stems from a %{expr} injection vulnerability within the tabpanel component, specifically when it lacks the P_MLE protection. The default configuration of Vim is susceptible, amplifying the risk. An attacker can craft a Vim file that, when opened, will trigger the…\u003c/p\u003e\n","date_modified":"2026-03-30T19:16:26Z","date_published":"2026-03-30T19:16:26Z","id":"/briefs/2026-03-vim-code-exec/","summary":"Vim versions before 9.2.0272 allow code execution upon opening a specially crafted file due to %{expr} injection in tabpanel lacking P_MLE in the default configuration, potentially leading to arbitrary code execution.","title":"Vim Code Execution Vulnerability via Crafted Files (CVE-2026-34714)","url":"https://feed.craftedsignal.io/briefs/2026-03-vim-code-exec/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["aws","cloudfront","injection","security"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA vulnerability exists in the CloudFront signing utilities within the AWS SDK for PHP, specifically impacting versions 3.11.7 through 3.371.3. These utilities are responsible for generating Amazon CloudFront signed URLs and signed cookies, which control access to content. The vulnerability arises from the improper handling of special characters, such as double quotes and backslashes, within input values used to construct policy documents. If an application passes unsanitized input containing these characters to the signing utilities, the resulting policy document may deviate from the application\u0026rsquo;s intended access restrictions. An enhancement was made to the AWS SDK for PHP version 3.371.4 to address this issue. This vulnerability impacts applications that do not properly sanitize inputs passed to the CloudFront signing utilities.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies an application using a vulnerable version of the AWS SDK for PHP (3.11.7 - 3.371.3) that utilizes CloudFront signed URLs or cookies.\u003c/li\u003e\n\u003cli\u003eThe attacker locates an input field within the application that is used to generate CloudFront policy documents.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious input string containing special characters (e.g., double quotes, backslashes) designed to manipulate the resulting policy document.\u003c/li\u003e\n\u003cli\u003eThe application passes the attacker-controlled input to the CloudFront signing utilities without proper sanitization or validation.\u003c/li\u003e\n\u003cli\u003eThe CloudFront signing utilities generate a signed URL or cookie with a flawed policy document due to the injected special characters.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the crafted signed URL or cookie to bypass intended access restrictions and potentially gain unauthorized access to protected content.\u003c/li\u003e\n\u003cli\u003eThe attacker accesses restricted resources on CloudFront that should have been protected by the intended policy.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability could lead to unauthorized access to content protected by Amazon CloudFront. If an attacker can manipulate the policy document, they might bypass intended access restrictions, potentially exposing sensitive data or allowing unauthorized actions. The number of affected applications is unknown, but any application using the vulnerable versions of the AWS SDK for PHP and failing to sanitize input is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to AWS SDK for PHP version 3.371.4 or later to incorporate the fix that addresses special character handling (reference: Patches section).\u003c/li\u003e\n\u003cli\u003eImplement robust input validation in application code to sanitize or escape special characters before passing values to CloudFront signing utilities (reference: Workarounds section).\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual patterns of URL requests containing special characters that might indicate exploitation attempts (reference: webserver log source).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-27T19:54:58Z","date_published":"2026-03-27T19:54:58Z","id":"/briefs/2024-01-aws-sdk-cloudfront-injection/","summary":"A vulnerability exists in the AWS SDK for PHP CloudFront signing utilities where special characters in input values are not properly handled when creating policy documents, potentially leading to unintended access restrictions, affecting versions 3.11.7 through 3.371.3.","title":"AWS SDK for PHP CloudFront Policy Document Injection via Special Characters","url":"https://feed.craftedsignal.io/briefs/2024-01-aws-sdk-cloudfront-injection/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["badaml","acpi","injection","confidential-computing"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe BadAML injection attack, initially published in 2024, exploits the ACPI interface in confidential virtual machines, allowing for arbitrary code execution. This vulnerability arises from the ability of an attacker with control over the host to inject malicious AML (ACPI Machine Language) code. This code, embedded within ACPI tables, is passed from the host (QEMU) to the guest firmware (OVMF) and subsequently to the Linux kernel. The kernel\u0026rsquo;s AML interpreter then executes this code, granting the attacker control within the guest environment. The Contrast platform versions prior to 1.18.0 are vulnerable on \u003ccode\u003eMetal-QEMU-SNP\u003c/code\u003e and \u003ccode\u003eMetal-QEMU-SNP-GPU\u003c/code\u003e platforms. Successful exploitation allows attackers to bypass security measures designed to protect confidential VMs.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains control over the host machine running the QEMU hypervisor.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious ACPI table containing arbitrary AML code.\u003c/li\u003e\n\u003cli\u003eThe malicious ACPI table is injected into the guest VM via QEMU.\u003c/li\u003e\n\u003cli\u003eThe OVMF firmware in the guest VM parses the ACPI table and passes the AML code to the Linux kernel.\u003c/li\u003e\n\u003cli\u003eThe Linux kernel\u0026rsquo;s AML interpreter executes the injected AML code.\u003c/li\u003e\n\u003cli\u003eThe AML code leverages its access to guest memory to escalate privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution within the guest VM.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform malicious actions, such as data exfiltration or further compromise of the system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of the BadAML vulnerability allows attackers to execute arbitrary code within confidential VMs, potentially leading to data theft, service disruption, or complete system compromise. While the number of victims is unknown, the affected sectors include any environment utilizing the vulnerable Contrast platforms (\u003ccode\u003eMetal-QEMU-SNP\u003c/code\u003e and \u003ccode\u003eMetal-QEMU-SNP-GPU\u003c/code\u003e) for confidential computing. The impact is significant, as it undermines the security guarantees provided by confidential computing technologies.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Contrast installations on \u003ccode\u003eMetal-QEMU-SNP\u003c/code\u003e and \u003ccode\u003eMetal-QEMU-SNP-GPU\u003c/code\u003e platforms to version 1.18.0 or later to incorporate the kernel patch.\u003c/li\u003e\n\u003cli\u003eMonitor host systems for suspicious ACPI table modifications using custom scripts or host-based intrusion detection systems (no specific rule provided, but ACPI table modification events should be logged where possible).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-27T12:00:00Z","date_published":"2026-03-27T12:00:00Z","id":"/briefs/2026-03-badaml-injection/","summary":"The BadAML injection attack allows arbitrary code execution in confidential VMs by exploiting the ACPI interface, enabling attackers with host control to execute malicious AML code within the guest.","title":"BadAML Injection Allows Arbitrary Code Execution in Confidential VMs","url":"https://feed.craftedsignal.io/briefs/2026-03-badaml-injection/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["injection","spring-ai","redis"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-22744 is a critical vulnerability found within the \u003ccode\u003eRedisFilterExpressionConverter\u003c/code\u003e of the Spring AI Redis Store. The vulnerability arises because the \u003ccode\u003estringValue()\u003c/code\u003e function directly inserts user-supplied strings into the \u003ccode\u003e@field:{VALUE}\u003c/code\u003e RediSearch TAG block without proper sanitization or escaping. This allows an attacker to inject arbitrary commands or data into the Redis database if they can control the input used as a filter value for a TAG field. This vulnerability affects…\u003c/p\u003e\n","date_modified":"2026-03-27T06:16:38Z","date_published":"2026-03-27T06:16:38Z","id":"/briefs/2026-03-spring-ai-redis-injection/","summary":"CVE-2026-22744 is a code injection vulnerability in Spring AI's RedisFilterExpressionConverter which allows an attacker to inject arbitrary commands into RediSearch TAG blocks via unescaped user-controlled strings, affecting versions 1.0.0 before 1.0.5 and 1.1.0 before 1.1.4.","title":"Spring AI Redis Store TAG Injection Vulnerability (CVE-2026-22744)","url":"https://feed.craftedsignal.io/briefs/2026-03-spring-ai-redis-injection/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["n8n","rce","alaqsl","injection"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical remote code execution vulnerability has been identified in n8n, a popular workflow automation tool. Specifically, the vulnerability resides within the Merge node\u0026rsquo;s \u0026ldquo;Combine by SQL\u0026rdquo; mode. Versions of n8n prior to 2.14.1, 2.13.3, and 1.123.27 are affected. An authenticated user with the ability to create or modify workflows can leverage the AlaSQL sandbox\u0026rsquo;s insufficient input sanitization to inject malicious SQL code. This allows the attacker to potentially read arbitrary local files from the n8n host or execute arbitrary commands, leading to full system compromise. This vulnerability poses a significant risk to organizations using n8n, as it allows attackers to gain unauthorized access and control over their systems and data.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker authenticates to the n8n instance with user account having workflow creation/modification permissions.\u003c/li\u003e\n\u003cli\u003eThe attacker creates or modifies an existing workflow.\u003c/li\u003e\n\u003cli\u003eThe attacker adds a Merge node to the workflow and sets its mode to \u0026ldquo;Combine by SQL\u0026rdquo;.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious SQL query within the Merge node\u0026rsquo;s SQL configuration, taking advantage of insufficient input validation in the AlaSQL sandbox. The SQL query may attempt to read sensitive files from the file system, for example, \u003ccode\u003e/etc/passwd\u003c/code\u003e or application configuration files.\u003c/li\u003e\n\u003cli\u003eThe malicious SQL query executes when the workflow is triggered, potentially reading files from the n8n server.\u003c/li\u003e\n\u003cli\u003eAlternatively, the malicious SQL query could execute commands via the \u003ccode\u003eSYSTEM\u003c/code\u003e function or other methods available through AlaSQL, leading to remote code execution on the n8n host.\u003c/li\u003e\n\u003cli\u003eIf successful, the attacker gains control of the n8n process.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the compromised n8n instance to pivot to other systems on the network, steal sensitive data, or disrupt services.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to execute arbitrary code on the n8n server. This can lead to complete system compromise, including the ability to steal sensitive data, install malware, or disrupt services. The number of affected n8n instances is currently unknown, but given the popularity of the platform in various sectors, the potential impact is widespread. Organizations using vulnerable versions of n8n are at high risk of data breaches, financial losses, and reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade n8n to version 2.14.1, 2.13.3, 1.123.27 or later to patch CVE-2026-33660.\u003c/li\u003e\n\u003cli\u003eIf upgrading is not immediately feasible, limit workflow creation and editing permissions to only fully trusted users as a short-term mitigation (reference Overview).\u003c/li\u003e\n\u003cli\u003eAs an alternative temporary workaround, disable the Merge node by adding \u003ccode\u003en8n-nodes-base.merge\u003c/code\u003e to the \u003ccode\u003eNODES_EXCLUDE\u003c/code\u003e environment variable (reference Overview).\u003c/li\u003e\n\u003cli\u003eMonitor n8n application logs for suspicious SQL queries or other anomalous activity originating from the Merge node (create custom detection logic based on observed AlaSQL activity).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-26T12:00:00Z","date_published":"2026-03-26T12:00:00Z","id":"/briefs/2026-03-n8n-rce/","summary":"An authenticated user with workflow creation/modification permissions can exploit insufficient restrictions in the n8n Merge node's AlaSQL sandbox to achieve remote code execution by reading local files or executing commands on the n8n host.","title":"n8n Merge Node AlaSQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-03-n8n-rce/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["Dgraph"],"_cs_severities":["critical"],"_cs_tags":["dgraph","dql-injection","injection","database-exfiltration"],"_cs_type":"advisory","_cs_vendors":["Dgraph"],"content_html":"\u003cp\u003eA critical vulnerability exists in Dgraph, a graph database, allowing unauthenticated attackers to perform full database exfiltration. This flaw resides within the \u003ccode\u003e/mutate\u003c/code\u003e endpoint, specifically when Access Control Lists (ACL) are disabled, which is the default configuration. By injecting malicious DQL queries via a crafted \u003ccode\u003econd\u003c/code\u003e field in an upsert mutation, attackers can bypass authorization checks and extract sensitive data, including user credentials and secrets. The vulnerability stems from the lack of proper sanitization of the \u003ccode\u003econd\u003c/code\u003e field, leading to direct concatenation into the DQL query string. This vulnerability was found in v25.3.0, but may exist in other versions as well.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker sends an HTTP POST request to the \u003ccode\u003e/mutate?commitNow=true\u003c/code\u003e endpoint without any authentication headers (e.g., \u003ccode\u003eX-Dgraph-AccessToken\u003c/code\u003e, \u003ccode\u003eX-Dgraph-AuthToken\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003emutationHandler\u003c/code\u003e in \u003ccode\u003ehttp.go\u003c/code\u003e extracts the request body and processes the \u003ccode\u003emutations\u003c/code\u003e array, including the \u003ccode\u003econd\u003c/code\u003e field, using \u003ccode\u003estrconv.Unquote\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe request proceeds to \u003ccode\u003eedgraph.Server.QueryNoGrpc\u003c/code\u003e, where the \u003ccode\u003eCond\u003c/code\u003e value is copied verbatim to \u003ccode\u003edql.Mutation.Cond\u003c/code\u003e in \u003ccode\u003eserver.go\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ebuildUpsertQuery\u003c/code\u003e function in \u003ccode\u003eserver.go\u003c/code\u003e performs a simple string replacement (\u003ccode\u003e@if\u003c/code\u003e to \u003ccode\u003e@filter\u003c/code\u003e) but otherwise concatenates the unsanitized \u003ccode\u003eCond\u003c/code\u003e value into the DQL query.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003edql.ParseWithNeedVars\u003c/code\u003e parser processes the constructed DQL string, accepting the injected query blocks as valid DQL.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eauthorizeQuery\u003c/code\u003e function in \u003ccode\u003eaccess.go\u003c/code\u003e returns \u003ccode\u003enil\u003c/code\u003e immediately because ACL is disabled (\u003ccode\u003eAclSecretKey == nil\u003c/code\u003e), bypassing authorization checks.\u003c/li\u003e\n\u003cli\u003eThe injected query block executes, traversing and extracting data from the database.\u003c/li\u003e\n\u003cli\u003eThe response, containing the exfiltrated data, is returned to the attacker via \u003ccode\u003ehttp.go\u003c/code\u003e, effectively granting unauthorized access to sensitive information.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability results in complete database exfiltration. Attackers can retrieve all nodes, predicates, and values within the Dgraph database, including sensitive data such as user credentials, API keys, and Personally Identifiable Information (PII). Given the default configuration of Dgraph lacking ACL enabled, this poses a significant risk to organizations relying on Dgraph for data storage. The injection can also manipulate upsert conditions, bypassing uniqueness constraints and conditional mutation logic.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnable ACL on all Dgraph instances and configure appropriate access controls to mitigate unauthorized data access.\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u003ccode\u003eDetect Dgraph DQL Injection in Mutation Endpoint\u003c/code\u003e to identify potentially malicious requests to the \u003ccode\u003e/mutate\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eSanitize and validate user-supplied input, especially the \u003ccode\u003econd\u003c/code\u003e field in mutation requests, to prevent DQL injection attacks.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic to detect suspicious POST requests to the \u003ccode\u003e/mutate\u003c/code\u003e endpoint with unusual or unexpected \u003ccode\u003econd\u003c/code\u003e values.\u003c/li\u003e\n\u003cli\u003eReview and restrict network access to the Dgraph instance, limiting access only to authorized clients and networks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-10-26T12:00:00Z","date_published":"2024-10-26T12:00:00Z","id":"/briefs/2024-10-dgraph-dql-injection/","summary":"A pre-authentication DQL injection vulnerability in Dgraph's `/mutate` endpoint, when ACL is disabled, allows attackers to exfiltrate the entire database by crafting a malicious `cond` field in an upsert mutation.","title":"Dgraph Pre-Auth DQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-10-dgraph-dql-injection/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["xmldom"],"_cs_severities":["high"],"_cs_tags":["xml","injection","deserialization","vulnerability"],"_cs_type":"advisory","_cs_vendors":["xmldom"],"content_html":"\u003cp\u003eThe xmldom library is susceptible to XML node injection due to a lack of validation when serializing comment nodes. Versions prior to 0.8.13 and versions between 0.9.0 and 0.9.10 are vulnerable. An attacker can inject arbitrary XML nodes into the serialized output by including comment-breaking sequences (e.g., \u003ccode\u003e--\u0026gt;\u003c/code\u003e) in the comment data. This allows them to alter the structure of the XML document. Exploitation involves crafting malicious input that leverages the library\u0026rsquo;s DOM construction and serialization flow. It matters because applications using xmldom to process potentially untrusted XML data could be coerced into generating malicious XML structures. The fix requires an opt-in \u003ccode\u003erequireWellFormed\u003c/code\u003e flag to be enabled when calling \u003ccode\u003eserializeToString()\u003c/code\u003e.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn application receives untrusted data intended for use in XML comment content.\u003c/li\u003e\n\u003cli\u003eThe application calls \u003ccode\u003ecreateComment(data)\u003c/code\u003e in xmldom, passing the untrusted data. The library stores the data without proper validation.\u003c/li\u003e\n\u003cli\u003eThe application constructs an XML document, including the comment node created in the previous step.\u003c/li\u003e\n\u003cli\u003eThe application calls \u003ccode\u003eserializeToString()\u003c/code\u003e on the XML document to serialize it.\u003c/li\u003e\n\u003cli\u003eIf the untrusted data contains comment-breaking sequences, such as \u003ccode\u003e--\u0026gt;\u003c/code\u003e, the serializer prematurely terminates the comment.\u003c/li\u003e\n\u003cli\u003eThe serializer injects any subsequent content in the untrusted data as live XML markup.\u003c/li\u003e\n\u003cli\u003eThe application stores, forwards, signs, or hands the serialized XML to another parser.\u003c/li\u003e\n\u003cli\u003eThe downstream consumer trusts the altered XML structure, leading to unintended consequences, such as misconfiguration or security bypass.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows attackers to inject arbitrary XML nodes, potentially altering the structure and meaning of generated XML documents. This could lead to misconfiguration, policy bypass, or other security vulnerabilities in applications that rely on the integrity of the XML structure. The vulnerability affects applications that use xmldom to build XML from untrusted input. The number of victims depends on the usage of the vulnerable library and the exposure of applications to untrusted XML data.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to \u003ccode\u003e@xmldom/xmldom\u003c/code\u003e version 0.8.13 or 0.9.10 or later to gain access to the fix.\u003c/li\u003e\n\u003cli\u003eAudit all calls to \u003ccode\u003eserializeToString()\u003c/code\u003e and add the \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e option when serializing comments containing potentially untrusted data.\u003c/li\u003e\n\u003cli\u003eImplement server-side input validation to sanitize comment data by removing comment-breaking sequences like \u003ccode\u003e--\u0026gt;\u003c/code\u003e before passing it to \u003ccode\u003ecreateComment()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect comment injections.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-26T12:00:00Z","date_published":"2024-01-26T12:00:00Z","id":"/briefs/2024-01-26-xmldom-injection/","summary":"The xmldom library is vulnerable to XML node injection, allowing attackers to inject arbitrary XML nodes into serialized output by manipulating comment content; this is mitigated by using the `requireWellFormed` option in `serializeToString` after upgrading to version 0.8.13 or 0.9.10.","title":"xmldom XML Node Injection via Comment Serialization","url":"https://feed.craftedsignal.io/briefs/2024-01-26-xmldom-injection/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["NocoBase"],"_cs_severities":["critical"],"_cs_tags":["sqli","nocobase","cve-2026-41640","injection"],"_cs_type":"advisory","_cs_vendors":["NocoBase"],"content_html":"\u003cp\u003eA SQL injection vulnerability exists in NocoBase version 2.0.32 and earlier due to string concatenation in the \u003ccode\u003equeryParentSQL()\u003c/code\u003e function within the \u003ccode\u003e@nocobase/database\u003c/code\u003e core package. The vulnerability stems from how the \u003ccode\u003equeryParentSQL()\u003c/code\u003e function constructs a recursive CTE query by concatenating \u003ccode\u003enodeIds\u003c/code\u003e instead of using parameterized queries. An attacker with record creation permissions on a tree collection with string-type primary keys can inject arbitrary SQL via a malicious string primary key value in a created record. This injection is triggered when a subsequent request initiates recursive eager loading on that collection. This can lead to confidentiality breaches (extraction of database values including credentials), integrity issues (data manipulation via stacked queries), and availability problems (resource exhaustion). On PostgreSQL with superuser privileges, OS command execution is possible. The vulnerability affects all collections using a tree/adjacency-list structure with string primary keys. The same concatenation pattern also exists in \u003ccode\u003eplugin-field-sort/src/server/sort-field.ts:124\u003c/code\u003e. The vulnerability is tracked as CVE-2026-41640.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains access to the NocoBase application with privileges to create records in a collection.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies a \u0026ldquo;tree\u0026rdquo; collection that utilizes a string-type primary key.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious primary key string containing SQL injection payload, such as \u003ccode\u003eroot') UNION ALL SELECT CAST((SELECT email FROM users LIMIT 1) AS integer)::text, NULL::text WHERE ('1'='1\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker creates a new record in the target collection using the crafted malicious primary key.\u003c/li\u003e\n\u003cli\u003eA subsequent request is made that triggers recursive eager loading on the target collection, specifically when a \u003ccode\u003eBelongsTo\u003c/code\u003e association has \u003ccode\u003erecursively: true\u003c/code\u003e and instances exist, calling the vulnerable \u003ccode\u003equeryParentSQL\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003equeryParentSQL\u003c/code\u003e function concatenates the malicious primary key into the SQL query without proper sanitization or parameterization.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code is executed against the database, allowing the attacker to extract sensitive data via error messages or potentially perform other malicious actions.\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves the extracted data from the error messages or through other means, such as direct database access if integrity is compromised.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis SQL injection vulnerability can lead to severe consequences. Successful exploitation can result in the unauthorized disclosure of sensitive information, including database credentials and other user data. Attackers can potentially modify data or execute arbitrary commands on the database server, leading to data corruption or system compromise. In the case of PostgreSQL databases with superuser privileges, attackers might gain operating system-level access. The vulnerability affects all collections using tree/adjacency-list structure with string-type primary keys, increasing the attack surface. Confirmed extractions include version information, database names, emails, and password hashes.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect NocoBase SQL Injection Attempt in Primary Key\u003c/code\u003e to your SIEM to detect attempts to exploit this vulnerability via malicious primary key values.\u003c/li\u003e\n\u003cli\u003eApply the suggested fix from the advisory by using parameterized queries in \u003ccode\u003epackages/core/database/src/eager-loading/eager-loading-tree.ts\u003c/code\u003e as referenced in the overview.\u003c/li\u003e\n\u003cli\u003eApply the same fix to \u003ccode\u003eplugin-field-sort/src/server/sort-field.ts:124\u003c/code\u003e to address the identical concatenation pattern as described in the overview.\u003c/li\u003e\n\u003cli\u003eValidate primary key values at record creation time to reject or escape values containing SQL metacharacters (\u003ccode\u003e'\u003c/code\u003e, \u003ccode\u003e\u0026quot;\u003c/code\u003e, \u003ccode\u003e;\u003c/code\u003e, \u003ccode\u003e--\u003c/code\u003e) in string-type primary key fields, as suggested in the advisory.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-nocobase-sqli/","summary":"NocoBase versions 2.0.32 and earlier are vulnerable to SQL injection due to string concatenation in the `queryParentSQL()` function, allowing attackers with record creation permissions to inject arbitrary SQL and potentially extract sensitive information or execute commands.","title":"NocoBase SQL Injection via Recursive Eager Loading","url":"https://feed.craftedsignal.io/briefs/2024-01-nocobase-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Injection","version":"https://jsonfeed.org/version/1.1"}