CVE-2026-41490

Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating...

CVE-2026-41490

CVE-2026-41490 affects Dagster’s dynamic partition keys in I/O managers (DuckDB, Snowflake, BigQuery, DeltaLake). Prior to Dagster Core 1.13.1 and Dagster libraries 0.29.1, SQL WHERE clauses were built by interpolating partition key values without escaping, allowing a user with Add Dynamic Partit...

CVE-2026-41490 Dagster Vulnerable to SQL Injection via Dynamic Partition Keys in Database I/O Manager Integrations

Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating...

Dagster SQL注入漏洞

Dagster is an open-source orchestration platform developed by Dagster for developing, producing, and monitoring data assets. Versions of Dagster prior to 1.13.1 and Dagster libraries prior to 0.29.1 have a SQL injection vulnerability. This vulnerability arises from the fact that DuckDB, Snowflake...

GHSA-MJW2-V2HM-WJ34 Dagster Vulnerable to SQL Injection via Dynamic Partition Keys in Database I/O Manager Integrations

Summary The DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating dynamic partition key values into queries without escaping. A user with the Add Dynamic Partitions permission could create a partition key that injects arbitrary SQL, which would...

dagster-deltalake-pandas (>=0.21.9 <=0.29.0), dagster-deltalake-polars (>=0.21.9 <=0.29.0) potentially affected by CVE-2026-41490 via dagster-deltalake (>=0.21.10 <=0.29.0)

dagster-deltalake PYPI version =0.21.10, =0.21.9, =0.21.9, =0.29.0 Source cves: CVE-2026-41490 Source advisory: SNYK:PYTHON-DAGSTERDELTALAKE-16109576...

PT-2026-37118

Name of the Vulnerable Software and Affected Versions Dagster Core versions prior to 1.13.1 Dagster libraries versions prior to 0.29.1 Description DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers construct SQL WHERE clauses by interpolating dynamic partition key values into queries without...

io.github.jordepic:dataharness-trino (>=1.0 <=2.0), io.trino.gateway:gateway-ha (>=14 <=16) +19 more potentially affected by CVE-2025-67721 via io.airlift:aircompressor-v3 (>=3.0 <=3.3)

io.airlift:aircompressor-v3 MAVEN version =3.0, =1.0, =14, =466, =457, =464, =457, =457, =457, =457, =457, =457, =457, =457, =469, =472, =475 and more Source cves: CVE-2025-67721 Source advisory: SNYK:JAVA-IOAIRLIFT-14412704...