PT-2026-36817 · Ckan+2 · Ckan
Published: 2026-04-30 · Updated: 2026-05-13
CVE-2026-42032
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
CKAN versions prior to 2.10.10
CKAN versions prior to 2.11.5
Description
An issue in the datastore_search_sql function allows attackers to bypass authorization. This can lead to unauthorized access to private resources and PostgreSQL system information.
Recommendations
Update to version 2.10.10.
Update to version 2.11.5.
As a temporary workaround, disable the DataStore SQL search by setting ckan.datastore.sqlsearch.enabled = false.
Restrict the use of the datastore_search_sql function using an IAuthFunctions plugin.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Ckan
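A triage check for the Recommendations above, as an added example that is not part of the advisory or of CKAN's own code: it classifies an instance from its version string and ini file as patched, mitigated, exposed or unverified. The function names, the sample config, the accepted boolean spellings and the treatment of branches outside 2.10 and 2.11 are assumptions.

```python
import configparser
import re

# Fixed releases per branch, as named in the advisory.
FIXED = {(2, 10): (2, 10, 10), (2, 11): (2, 11, 5)}
OPTION = "ckan.datastore.sqlsearch.enabled"
# Assumption: spellings accepted as boolean true/false in the ini file.
TRUE, FALSE = {"true", "yes", "on", "1"}, {"false", "no", "off", "0"}

# Constructed sample config, not taken from a real deployment.
SAMPLE_INI = """
[app:main]
ckan.site_url = http://ckan.example.test
ckan.plugins = datastore
ckan.datastore.sqlsearch.enabled = true
"""

def is_patched(version):
    """True if the version is at or above the fixed release of its branch."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    parts = tuple(int(g) for g in m.groups())
    if parts[:2] in FIXED:
        return parts >= FIXED[parts[:2]]
    # Assumption: branches older than 2.10 are affected, newer than 2.11 are fixed.
    return parts[:2] > (2, 11)

def sqlsearch_state(ini_text):
    """True/False for an explicit setting, None if unset or unparseable."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    raw = cp.get("app:main", OPTION, fallback="").strip().lower()
    return True if raw in TRUE else False if raw in FALSE else None

def assess(version, ini_text):
    """Classify an instance as patched, mitigated, exposed or unverified."""
    if is_patched(version):
        return "patched"
    state = sqlsearch_state(ini_text)
    if state is None:
        return "unverified"  # workaround not explicitly applied
    return "exposed" if state else "mitigated"

if __name__ == "__main__":
    for v in ("2.10.9", "2.10.10", "2.11.4", "2.11.5"):
        print(v, assess(v, SAMPLE_INI))
```

An "unverified" result means the option is not set explicitly in the file, so the workaround cannot be confirmed from the config alone.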