Vendor
critical
advisory
DIRAC Vulnerable to Remote Code Execution via SQL Injection and Eval in DatasetManager
6 TTPsAn authenticated user can achieve remote code execution in DIRAC's FileCatalog DatasetManager due to an SQL injection vulnerability (CVE-2026-61667) that allows manipulation of query results passed to an `eval` function, leading to full system compromise.
DIRAC
remote-code-execution
sql-injection
python
web-application
vulnerability
cve-2026-61667
6t
critical
advisory
DIRAC Vulnerable to Remote Code Execution via eval on Untrusted Input in RequestManager
2 rules 6 TTPsA critical remote code execution vulnerability (CVE-2026-45579) in DIRAC's RequestManager allows any authenticated user to execute arbitrary commands or code on the DIRAC server due to the improper use of `eval()` on untrusted input, leading to full system compromise including data exfiltration and log manipulation.
DIRAC +2
RCE
python
web-application
vulnerability
sql-injection
access-control
2r
6t