Grit · Grit · CVE-2026-12206
**Name of the Vulnerable Software and Affected Versions**
Grit42 Grit versions prior to 0.11.0
**Description**
A remote SQL injection is possible due to improper manipulation within the `Grit::Assays::DataTableEntity()` function located in the `modules/assays/backend/app/models/grit/assays/data_table_entity.rb` file. SQL injection is a technique where an attacker inserts malicious SQL statements into a query, allowing them to manipulate the database.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.