Loading market data...
← Back to CVE feed

CVE-2026-49490

HIGH CVSS 8.1 View on NVD ↗

Description

OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. Attackers can bypass column filterable restrictions by manipulating filter requests to execute arbitrary SQL queries against the database.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Published: May 31, 2026 13:16 UTC Modified: May 31, 2026 13:16 UTC