6 matches found
CVE-2026-42087
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database TSDB component of COSMOS. The tsdblookup function in the...
EUVD-2026-27063
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database TSDB component of COSMOS. The tsdblookup function in the...
CVE-2026-42087
OpenC3 COSMOS TSDB is affected by a SQL injection in the tsdb_lookup function of cvt_model.rb, where user-supplied input is directly placed into a SQL query. Affected versions are 6.7.0 through 7.0.0-rc2 (before the patched 7.0.0-rc3). This allows an attacker to break out of the initial SQL state...
CVE-2026-42087
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database TSDB component of COSMOS. The tsdblookup function in the...
GHSA-V529-VHWC-WFC5 OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database
Vulnerability Type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' Attack type: Authenticated remote Impact: Telemetry data disclosure and deletion Affected components: openc3-tsdb QuestDB A SQL injection vulnerability exists in the Time-Series Database...
PT-2026-36881
Name of the Vulnerable Software and Affected Versions OpenC3 COSMOS versions 6.7.0 through 7.0.0-rc3 Description The Time-Series Database TSDB component contains a SQL injection flaw. The tsdb lookup function within the cvt model.rb file incorporates user-supplied input into a SQL query without...