Sqlfluff

SQLFluff versions prior to 4.2.0 are vulnerable to uncontrolled resource consumption (CVE-2026-46374), allowing an attacker to cause a denial of service by submitting a maliciously crafted, long SQL query.

A maliciously crafted SQL query with excessive nesting can cause a denial of service by exhausting resources when parsed by SQLFluff versions prior to 4.1.0; version 4.1.0 introduces a configurable recursion limit to mitigate this vulnerability.