CVE-2026-6991

Name of the Vulnerable Software and Affected Versions colinhacks Zod versions prior to 4.3.7

Description A flaw in the CUID Data Type Handler, specifically within an unknown function in the packages/zod/src/v4/core/regexes.ts file, allows for remote SQL injection. SQL injection is a technique where an attacker inserts malicious SQL code into a query, potentially allowing them to manipulate or access the database.

Recommendations Update to a version later than 4.3.6.