Tag

Ory-Kratos

1 brief RSS

Ory Kratos SQL Injection Vulnerability in ListCourierMessages API

A SQL injection vulnerability exists in the ListCourierMessages Admin API of Ory Kratos versions prior to 26.2.0 due to flaws in its pagination implementation, allowing attackers to craft malicious tokens if the pagination secret is known or the default secret is used.

ory-kratos sql-injection cve-2026-33503 cloud

2r 1t Mar 26, 2026