


Perceptive Security
SOC/SIEM Consultancy

Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL query manipulation. At…
Published: 20 January 2026 at 23:00:00
Alert date: 21 January 2026 at 19:12:52
Source: nvd.nist.gov
Web Technologies, Database & Storage
CVE-2021-47748 is a remote code execution vulnerability in Hasura GraphQL 1.3.3 that allows attackers to execute arbitrary shell commands through SQL query manipulation. The vulnerability is exploited by injecting malicious commands into the run_sql endpoint through crafted GraphQL queries. Attackers leverage PostgreSQL's COPY FROM PROGRAM functionality to execute system commands. This represents a critical security flaw that provides complete system compromise capabilities to remote attackers.
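A detection-side sketch of the pattern described above, added here as an example and not taken from the advisory or from Hasura's code: it flags request bodies whose run_sql statements use COPY ... PROGRAM. It assumes Hasura's v1 query API body shape (`{"type": "run_sql", "args": {"sql": ...}}`, optionally nested in a `bulk` operation) and that request bodies are available from a proxy or WAF log; the sample bodies are constructed.

```python
import json
import re

# Matches COPY ... FROM PROGRAM and COPY ... TO PROGRAM; deliberately broad,
# so a table literally named "program" can cause a false positive.
COPY_PROGRAM = re.compile(r"\bcopy\b.*?\b(?:from|to)\s+program\b", re.I | re.S)
SQL_COMMENT = re.compile(r"/\*.*?\*/|--[^\n]*", re.S)

def run_sql_statements(body):
    """Yield SQL strings from run_sql operations, including ones nested in bulk."""
    if isinstance(body, list):
        for item in body:
            yield from run_sql_statements(item)
    elif isinstance(body, dict):
        args = body.get("args")
        if body.get("type") == "run_sql" and isinstance(args, dict):
            if isinstance(args.get("sql"), str):
                yield args["sql"]
        elif body.get("type") == "bulk":
            yield from run_sql_statements(args)

def flag_request(raw_body):
    """Return the run_sql statements in one request body that use COPY ... PROGRAM."""
    try:
        body = json.loads(raw_body)
    except ValueError:
        return []
    hits = []
    for sql in run_sql_statements(body):
        # Check the raw text and a comment-stripped copy, so neither
        # "FROM/**/PROGRAM" nor a "--" inside a string literal hides the keyword.
        if COPY_PROGRAM.search(sql) or COPY_PROGRAM.search(SQL_COMMENT.sub(" ", sql)):
            hits.append(sql)
    return hits

# Constructed request bodies (not captured traffic); the command is a placeholder.
SAMPLE_BODIES = [
    '{"type": "select", "args": {"table": "users", "columns": ["id"]}}',
    '{"type": "run_sql", "args": {"sql": "COPY orders FROM \'/tmp/orders.csv\';"}}',
    '{"type": "run_sql", "args": {"sql": "copy t From/**/program \'PLACEHOLDER\';"}}',
    '{"type": "bulk", "args": [{"type": "run_sql", "args": {"sql": "COPY t TO PROGRAM \'PLACEHOLDER\';"}}]}',
]

def scan(bodies):
    """Return indexes of request bodies that should be alerted on."""
    return [i for i, raw in enumerate(bodies) if flag_request(raw)]

if __name__ == "__main__":
    print(scan(SAMPLE_BODIES))
```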
Affected products: Hasura GraphQL
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2021-47748
https://github.com/hasura/graphql-engine
https://www.exploit-db.com/exploits/49802
https://www.vulncheck.com/advisories/hasura-graphql-remote-code-execution
This article was created with the assistance of AI technology by Perceptive.
