3 matches found
EUVD-2026-43229
Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/adminstats endpoint where the limit parameter is destructured from unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform adm...
CVE-2026-56221 Cap-go - SQL Injection in Cloudflare Analytics Engine Queries via cloudflare.ts
Cap-go before 12.128.2 contains multiple SQL injection vulnerabilities in cloudflare.ts where user-controlled values from API request bodies are interpolated directly into SQL query strings without sanitization or parameterization. Authenticated users with read-level API key permissions can injec...
CVE-2026-56221
CVE-2026-56221 : Cap-go before 12.128.2 contains SQL injection flaws in cloudflare.ts. User-controlled values from API request bodies are interpolated directly into SQL strings without sanitization or parameterization. Authenticated users with read-level API key permissions can inject arbitrary S...