CVE-2026-34400

Name of the Vulnerable Software and Affected Versions Alerta versions prior to 9.1.0

Description Alerta, a monitoring tool, had a SQL injection issue in the Query string search API. The vulnerability stemmed from directly interpolating user-supplied search terms into SQL strings via f-strings when building WHERE clauses using the Postgres query parser. The API endpoint ''/'' with the q parameter was susceptible to this issue.

Recommendations Upgrade to version 9.1.0 or later. If an upgrade is not possible, deploy a proxy to sanitize the q parameter before it reaches the Alerta API.