Vendor
CVE-2026-47668 is a critical remote code execution vulnerability affecting DbGate versions 7.1.8 and earlier in the JSON Script Runner component where user-controlled fields are concatenated into dynamically generated JavaScript without adequate validation, allowing arbitrary code execution, and an attacker may obtain a Bearer token and reach the vulnerable endpoint without valid credentials leading to full server compromise; upgrade to DbGate 7.1.9+ immediately to remediate the vulnerability.