top of page
perceptive_background_267k.jpg

OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through craft…

Published:

30 May 2026 at 22:00:00

Alert date:

31 May 2026 at 14:01:08

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Database & Storage

OpenCATS version 0.9.1a and later contains an SQL injection vulnerability in DataGrid filter handling. Authenticated attackers can exploit this vulnerability by injecting SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. The vulnerability allows attackers to bypass column filterable restrictions by manipulating filter requests. This enables execution of arbitrary SQL queries against the database. The vulnerability affects the DataGrid component specifically in the Tags column filtering mechanism.

Technical details

Mitigation steps:

Affected products:

OpenCATS

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-49490
https://github.com/opencats/OpenCATS/security/advisories/GHSA-gmpc-j6h7-vw74
https://www.vulncheck.com/advisories/opencats-sql-injection-in-datagrid-filter-handling-for-tags-column

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page