{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/openproject/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":9.9,"id":"CVE-2026-34717"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["openproject","sqli","cve-2026-34717","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOpenProject, a web-based project management software, is vulnerable to SQL injection in versions prior to 17.2.3. The vulnerability lies within the \u003ccode\u003e=n\u003c/code\u003e operator located in \u003ccode\u003emodules/reporting/lib/report/operator.rb:177\u003c/code\u003e. This operator improperly handles user input by directly embedding it into SQL WHERE clauses without adequate parameterization. An attacker could leverage this flaw to inject malicious SQL code, potentially leading to unauthorized data access, modification, or deletion. The vulnerability was reported on April 2, 2026, and patched in version 17.2.3. Organizations using vulnerable versions of OpenProject are at risk of data breaches and system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies an OpenProject instance running a version prior to 17.2.3.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting an endpoint that utilizes the vulnerable \u003ccode\u003e=n\u003c/code\u003e operator within the \u003ccode\u003emodules/reporting/lib/report/operator.rb\u003c/code\u003e file.\u003c/li\u003e\n\u003cli\u003eThe malicious request injects SQL code through a parameter processed by the vulnerable operator.\u003c/li\u003e\n\u003cli\u003eThe OpenProject application executes the attacker-controlled SQL code against the database due to the lack of input sanitization.\u003c/li\u003e\n\u003cli\u003eThe attacker bypasses authentication or authorization checks by manipulating the SQL query.\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves sensitive data from the database, such as user credentials or project information.\u003c/li\u003e\n\u003cli\u003eThe attacker may modify data within the database, potentially altering project configurations or injecting malicious content.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves complete database compromise, potentially leading to a full system takeover if database privileges are sufficient.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability can lead to significant data breaches, potentially exposing sensitive project data, user credentials, and confidential information. The impact ranges from unauthorized data access and modification to complete database compromise. Depending on the database privileges, this could lead to full system takeover. Organizations in various sectors utilizing vulnerable versions of OpenProject could be affected, resulting in financial losses, reputational damage, and legal liabilities. The CVSS v3.1 base score for this vulnerability is 9.9 (Critical).\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade OpenProject instances to version 17.2.3 or later to patch the SQL injection vulnerability (CVE-2026-34717).\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious HTTP requests targeting the vulnerable endpoint (\u003ccode\u003emodules/reporting/lib/report/operator.rb\u003c/code\u003e) that contain SQL injection attempts. Deploy the provided Sigma rule \u003ccode\u003eDetect OpenProject SQL Injection Attempt\u003c/code\u003e to detect potential exploitation.\u003c/li\u003e\n\u003cli\u003eImplement a web application firewall (WAF) to filter out malicious requests and prevent SQL injection attacks.\u003c/li\u003e\n\u003cli\u003eReview and harden database access controls to minimize the impact of potential SQL injection attacks.\u003c/li\u003e\n\u003cli\u003eEnable and monitor audit logs for database activity to detect any unauthorized data access or modification.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-02T18:16:33Z","date_published":"2026-04-02T18:16:33Z","id":"/briefs/2026-04-openproject-sqli/","summary":"OpenProject versions before 17.2.3 are susceptible to SQL injection due to improper input sanitization in the '=n' operator, potentially allowing remote attackers to execute arbitrary SQL commands.","title":"OpenProject SQL Injection Vulnerability (CVE-2026-34717)","url":"https://feed.craftedsignal.io/briefs/2026-04-openproject-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Openproject","version":"https://jsonfeed.org/version/1.1"}