95 matches found
CVE-2026-29090
Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.createpostgresquery. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...
CVE-2026-29090 Rucio SQL injection in postgres_meta DID search path compromises PostgreSQL metadata database
Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.createpostgresquery. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...
CVE-2026-29090
Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.createpostgresquery. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...
CVE-2026-29090
Rucio contains a SQL injection in FilterEngine.create_postgres_query() when the postgres_meta metadata plugin is configured. Attacker-controlled filter keys/values are interpolated into raw SQL via Python .format() and passed to psycopg3.sql.SQL(), enabling arbitrary SQL against the PostgreSQL me...
CVE-2026-29090 Rucio SQL injection in postgres_meta DID search path compromises PostgreSQL metadata database
Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.createpostgresquery. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...
CVE-2026-29080 Rucio SQL Injection in FilterEngine Oracle JSON Path via DID Search API
A SQL injection vulnerability in FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. On Oracle deployments attacker-controlled filter keys and values are interpolated directl...
CVE-2026-29080 Rucio SQL Injection in FilterEngine Oracle JSON Path via DID Search API
A SQL injection vulnerability in FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. On Oracle deployments attacker-controlled filter keys and values are interpolated directl...
CVE-2026-29080
A SQL injection vulnerability in FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. On Oracle deployments attacker-controlled filter keys and values are interpolated directl...
GHSA-6J7P-QJHG-9947 Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API
Summary A SQL injection vulnerability in FilterEngine.createpostgresquery allows any authenticated Rucio user to execute arbitrary SQL against the configured PostgreSQL metadata database through the DID search endpoint GET /dids//dids/search. When the external metadata plugin postgresmeta is...
pic-rucio (>=0.0.1 <=2024.10.3.71620) potentially affected by CVE-2026-29090 via rucio (=1.30.5)
rucio PYPI version =1.30.5 is affected by a known vulnerability. The following packages have a transitive dependency on rucio and may be impacted: - pic-rucio =0.0.1, =2024.10.3.71620 Source cves: CVE-2026-29090 Source advisory: OSV:GHSA-6J7P-QJHG-9947...
EUVD-2026-27875
Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API...
pic-rucio (>=0.0.1 <=2024.10.3.71620) potentially affected by CVE-2026-29090 via rucio (=1.30.5)
rucio PYPI version =1.30.5 is affected by a known vulnerability. The following packages have a transitive dependency on rucio and may be impacted: - pic-rucio =0.0.1, =2024.10.3.71620 Source cves: CVE-2026-29090 Source advisory: SNYK:PYTHON-RUCIO-16635087...
SQL Injection
Overview rucio is a Rucio Package Affected versions of this package are vulnerable to SQL Injection via the createpostgresquery function when attacker-controlled filter keys and values are interpolated directly into raw SQL statements through the DID search endpoint. An attacker can execute...
pic-rucio (>=0.0.1 <=2024.10.3.71620) potentially affected by CVE-2026-29080 via rucio (=1.30.5)
rucio PYPI version =1.30.5 is affected by a known vulnerability. The following packages have a transitive dependency on rucio and may be impacted: - pic-rucio =0.0.1, =2024.10.3.71620 Source cves: CVE-2026-29080 Source advisory: SNYK:PYTHON-RUCIO-16635089...
pic-rucio (>=0.0.1 <=2024.10.3.71620) potentially affected by CVE-2026-29080 via rucio (=1.30.5)
rucio PYPI version =1.30.5 is affected by a known vulnerability. The following packages have a transitive dependency on rucio and may be impacted: - pic-rucio =0.0.1, =2024.10.3.71620 Source cves: CVE-2026-29080 Source advisory: OSV:GHSA-VJR5-C9QV-HGM3...
EUVD-2026-27869
Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API...
SQL Injection
Overview rucio is a Rucio Package Affected versions of this package are vulnerable to SQL Injection in the createsqlaquery function when processing filter keys and values in Oracle database backends using the default jsonmeta metadata plugin configuration. An attacker can execute arbitrary SQL...
Rucio SQL注入漏洞
Rucio is an open-source scientific data management tool developed by Rucio team. Rucio has a SQL injection vulnerability, which stems from the SQL injection in the FilterEngine.createpostgresquery method. This vulnerability allows any authenticated Rucio user to execute arbitrary SQL queries...
Rucio SQL注入漏洞
Rucio is an open-source scientific data management tool developed by Rucio team. Rucio has a SQL injection vulnerability, which stems from the SQL injection in the FilterEngine.createsqlaquery method. This vulnerability allows any authenticated Rucio user to execute arbitrary SQL queries against...
PT-2026-38087
Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.create postgres query. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search...