CVE-2026-29090

🗓️ 06 May 2026 17:21:24Reported by GitHub_MType

cve🔗 web.nvd.nist.gov👁 10 Views🌐 WEB

Rucio supports a vulnerability where authenticated users can execute arbitrary structured query language on the metadata database via the search endpoint; fixed in multiple versions.

Reporter	Title	Published	Views	Family All 13
ATTACKERKB	CVE-2026-29090	6 May 202617:21	–	attackerkb
CNNVD	Rucio SQL注入漏洞	6 May 202600:00	–	cnnvd
Cvelist	CVE-2026-29090 Rucio SQL injection in postgres_meta DID search path compromises PostgreSQL metadata database	6 May 202617:21	–	cvelist
EUVD	EUVD-2026-27875	6 May 202616:44	–	euvd
Github Security Blog	Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API	6 May 202616:44	–	github
NVD	CVE-2026-29090	6 May 202618:16	–	nvd
OSV	GHSA-6J7P-QJHG-9947 Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API	6 May 202616:44	–	osv
Positive Technologies	PT-2026-38087	6 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-29090	5 Jun 202619:21	–	redhatcve
Snyk	SQL Injection	6 May 202616:44	–	snyk

NVD

Vulners

Node

cern rucioRange1.30.0–35.8.5

cern rucioRange36.0.0–38.5.5

cern rucioRange39.0.0–39.4.2

cern rucioRange40.0.0–40.1.1

[
  {
    "vendor": "rucio",
    "product": "rucio",
    "versions": [
      {
        "version": ">= 1.30.0, < 35.8.5",
        "status": "affected"
      },
      {
        "version": ">= 35.9.0, < 38.5.5",
        "status": "affected"
      },
      {
        "version": ">= 38.6.0, < 39.4.2",
        "status": "affected"
      },
      {
        "version": ">= 40.0.0, < 40.1.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/rucio/rucio/security/advisories/GHSA-6j7p-qjhg-9947

Parameter	Position	Path	Description	CWE
filter	query param	/dids/<scope>/dids/search	SQL injection via attacker-controlled filter keys/values interpolated into raw SQL in postgres_meta plugin	CWE-89

17 Jun 2026 10:29Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.18.8

CVSS 49

EPSS0.00301

SSVC

CWE-89