PT-2026-35085 · Saltcorn · Saltcorn

Qiaonpc

Published

2026-04-16

Updated

2026-04-24

CVE-2026-41478

CVSS v3.1

9.9

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Saltcorn versions prior to 1.4.6 Saltcorn versions prior to 1.5.6 Saltcorn versions prior to 1.6.0-beta.5

Description Saltcorn is an extensible, open source, no-code database application builder. A SQL injection in the mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through sync parameters. This can result in full database exfiltration, including admin password hashes and configuration secrets, and may enable database modification or destruction depending on the backend.

Recommendations Update to version 1.4.6 Update to version 1.5.6 Update to version 1.6.0-beta.5

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2026-41478

GHSA-JP74-MFRX-3QVH

Affected Products

Saltcorn

PT-2026-35085 · Saltcorn · Saltcorn

CVE-2026-41478

Weakness Enumeration

Related Identifiers

Affected Products

References · 6