top of page
perceptive_background_267k.jpg

OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through craft…

Published:

30 mei 2026 om 22:00:00

Alert date:

31 mei 2026 om 14:01:08

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Database & Storage

OpenCATS version 0.9.1a and later contains an SQL injection vulnerability in DataGrid filter handling. Authenticated attackers can exploit this vulnerability by injecting SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. The vulnerability allows attackers to bypass column filterable restrictions by manipulating filter requests. This enables execution of arbitrary SQL queries against the database. The vulnerability affects the DataGrid component specifically in the Tags column filtering mechanism.

Technical details

Mitigation steps:

Affected products:

OpenCATS

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-49490
https://github.com/opencats/OpenCATS/security/advisories/GHSA-gmpc-j6h7-vw74
https://www.vulncheck.com/advisories/opencats-sql-injection-in-datagrid-filter-handling-for-tags-column

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page