{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/sqlfluff/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["sqlfluff (\u003c 4.2.0)"],"_cs_severities":["medium"],"_cs_tags":["denial-of-service","resource-exhaustion","sqlfluff"],"_cs_type":"advisory","_cs_vendors":["Imperva"],"content_html":"\u003cp\u003eSQLFluff versions before 4.2.0 are susceptible to an uncontrolled resource consumption vulnerability (CVE-2026-46374). This flaw enables an attacker to exhaust system resources by providing a specially crafted, excessively long SQL query to the SQLFluff parser. This can lead to a Denial-of-Service (DoS) condition, impacting applications that rely on SQLFluff for SQL query linting. The vulnerability was reported by Ori Nakar from Imperva Threat Research Team. Version 4.2.0 introduces a configurable parse node limit to mitigate this vulnerability, preventing the parser from processing excessively complex queries. Exploitation requires untrusted users to be able to submit SQL queries for linting.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts an extremely long and complex SQL query designed to consume excessive resources during parsing.\u003c/li\u003e\n\u003cli\u003eThe attacker submits the malicious SQL query to an application that uses a vulnerable version of SQLFluff (prior to 4.2.0) for linting purposes.\u003c/li\u003e\n\u003cli\u003eThe application passes the query to the SQLFluff parser.\u003c/li\u003e\n\u003cli\u003eThe SQLFluff parser attempts to process the extremely long and complex SQL query.\u003c/li\u003e\n\u003cli\u003eDue to the lack of input validation and resource limits in vulnerable versions, the parser consumes excessive CPU and memory.\u003c/li\u003e\n\u003cli\u003eThe application\u0026rsquo;s performance degrades significantly as system resources are exhausted.\u003c/li\u003e\n\u003cli\u003eThe application becomes unresponsive or crashes due to the resource exhaustion, leading to a denial-of-service.\u003c/li\u003e\n\u003cli\u003eLegitimate users are unable to access the application or its SQL linting functionality.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can result in a denial-of-service condition, rendering applications relying on SQLFluff unavailable. The impact is particularly significant in environments where untrusted users can submit arbitrary SQL queries for linting, as it allows malicious actors to easily disrupt service availability. There is no specific victim count available. This affects any environment using SQLFluff prior to version 4.2.0.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade SQLFluff to version 4.2.0 or later to incorporate the fix for CVE-2026-46374.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on SQL queries submitted for linting to prevent excessively long or complex queries from reaching the SQLFluff parser.\u003c/li\u003e\n\u003cli\u003eMonitor system resource utilization (CPU, memory) on systems running SQLFluff to detect potential resource exhaustion attacks. Consider deploying the Sigma rule \u003ccode\u003eDetect SQLFluff Excessive Query Length\u003c/code\u003e to identify potentially malicious queries based on their length.\u003c/li\u003e\n\u003cli\u003eConfigure the parse node limit in SQLFluff 4.2.0 and later to restrict the resources consumed by the parser when processing complex SQL queries.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-19T20:13:42Z","date_published":"2026-05-19T20:13:42Z","id":"https://feed.craftedsignal.io/briefs/2026-05-sqlfluff-resource-consumption/","summary":"SQLFluff versions prior to 4.2.0 are vulnerable to uncontrolled resource consumption (CVE-2026-46374), allowing an attacker to cause a denial of service by submitting a maliciously crafted, long SQL query.","title":"SQLFluff Uncontrolled Resource Consumption Vulnerability (CVE-2026-46374)","url":"https://feed.craftedsignal.io/briefs/2026-05-sqlfluff-resource-consumption/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["sqlfluff (\u003c 4.1.0)"],"_cs_severities":["high"],"_cs_tags":["dos","sqlfluff","CVE-2026-46373"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eSQLFluff versions prior to 4.1.0 are vulnerable to a denial-of-service (DoS) attack (CVE-2026-46373) stemming from a recursive stack overflow in the parser. This vulnerability occurs when an untrusted user submits a malicious SQL query containing excessive nesting. The excessive nesting leads to unbounded recursion during parsing, which exhausts system resources and results in a DoS condition. The Imperva Threat Research Team discovered and reported this vulnerability. SQLFluff is commonly used for linting SQL queries, and deployments that allow untrusted users to submit SQL queries for linting are particularly at risk. Version 4.1.0 and later contain a configurable recursion limit, enabled by default, which effectively mitigates this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a target application that utilizes SQLFluff for SQL query linting and accepts user-provided SQL queries.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious SQL query with deliberate, excessive nesting of SQL constructs (e.g., nested SELECT statements, subqueries, or deeply nested expressions).\u003c/li\u003e\n\u003cli\u003eThe attacker submits the crafted SQL query to the target application.\u003c/li\u003e\n\u003cli\u003eThe target application passes the SQL query to SQLFluff for linting.\u003c/li\u003e\n\u003cli\u003eSQLFluff\u0026rsquo;s parser attempts to parse the deeply nested SQL query, leading to uncontrolled recursion.\u003c/li\u003e\n\u003cli\u003eThe recursion consumes excessive stack memory and CPU resources.\u003c/li\u003e\n\u003cli\u003eThe application\u0026rsquo;s resources become exhausted, leading to a denial-of-service condition.\u003c/li\u003e\n\u003cli\u003eThe target application becomes unresponsive or crashes, impacting availability for legitimate users.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability results in a denial-of-service condition, rendering the target application unresponsive or unavailable. The severity of the impact depends on the criticality of the affected application and the scale of its user base. While the number of victims is unknown, any system using affected versions of SQLFluff and processing untrusted queries could be impacted. This affects systems where users can supply SQL queries for testing or linting.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade SQLFluff to version 4.1.0 or later to benefit from the implemented recursion limit, mitigating CVE-2026-46373.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures to limit the complexity and depth of user-supplied SQL queries, even if SQLFluff is upgraded.\u003c/li\u003e\n\u003cli\u003eMonitor CPU and memory usage of systems running SQLFluff to detect potential DoS attacks. Deploy the Sigma rule \u003ccode\u003eDetect SQLFluff Excessive Recursion Attempt\u003c/code\u003e to identify suspicious command execution patterns.\u003c/li\u003e\n\u003cli\u003eIf upgrading is not immediately feasible, consider implementing a rate-limiting mechanism to restrict the number of SQL query submissions from a single user or IP address within a specific timeframe.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-19T20:10:45Z","date_published":"2026-05-19T20:10:45Z","id":"https://feed.craftedsignal.io/briefs/2026-05-sqlfluff-dos/","summary":"A maliciously crafted SQL query with excessive nesting can cause a denial of service by exhausting resources when parsed by SQLFluff versions prior to 4.1.0; version 4.1.0 introduces a configurable recursion limit to mitigate this vulnerability.","title":"SQLFluff Recursive Stack Overflow Vulnerability (CVE-2026-46373)","url":"https://feed.craftedsignal.io/briefs/2026-05-sqlfluff-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Sqlfluff","version":"https://jsonfeed.org/version/1.1"}