PT-2026-2123 · Parsl+1

Viralvaghela · Published 2026-01-06 · Updated 2026-01-24 · CVE-2026-21892

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Parsl versions prior to 2026.01.05

Description

A SQL Injection issue exists in the parsl-visualize component. The application builds SQL queries using unsafe string formatting with user-supplied input (workflow id) taken directly from URL routes. This allows an unauthenticated attacker with access to the visualization dashboard to inject arbitrary SQL commands, potentially leading to data exfiltration or denial of service against the monitoring database.

Recommendations

Update to version 2026.01.05 or later.
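
The query-building pattern from the description, shown beside a parameterized form, as an added example that is not Parsl's own code. The table and column names, sample rows, function names and the crafted input are constructed for illustration, and the format check assumes workflow ids are UUID strings.

```python
import sqlite3
import uuid

RUN_A = "11111111-1111-4111-8111-111111111111"  # constructed sample ids
RUN_B = "22222222-2222-4222-8222-222222222222"

def make_db():
    # In-memory stand-in for the monitoring database (schema is assumed).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE workflow (run_id TEXT PRIMARY KEY, workflow_name TEXT)")
    db.executemany("INSERT INTO workflow VALUES (?, ?)",
                   [(RUN_A, "alpha"), (RUN_B, "beta")])
    return db

def lookup_unsafe(db, workflow_id):
    # Vulnerable pattern: the route value is formatted into the SQL text,
    # so a quote in the value changes the structure of the statement.
    query = "SELECT run_id, workflow_name FROM workflow WHERE run_id='%s'" % workflow_id
    return db.execute(query).fetchall()

def lookup_safe(db, workflow_id):
    # Hardened form: the value is bound as a parameter and is only ever
    # compared as data, never parsed as SQL.
    query = "SELECT run_id, workflow_name FROM workflow WHERE run_id = ?"
    return db.execute(query, (workflow_id,)).fetchall()

def is_valid_workflow_id(workflow_id):
    # Defense in depth at the route: reject anything that is not a
    # canonical UUID string before it reaches the database layer.
    try:
        return str(uuid.UUID(workflow_id)) == workflow_id.lower()
    except ValueError:
        return False

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("unsafe:", len(lookup_unsafe(db, crafted)), "rows")
    print("safe:  ", len(lookup_safe(db, crafted)), "rows")
    print("valid id format:", is_valid_workflow_id(crafted))
```
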

Exploit

Fix

DoS

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2026-21892
GHSA-F2MF-Q878-GH58

Affected Products

Debian
Parsl