CVE-2026-42087

Name of the Vulnerable Software and Affected Versions OpenC3 COSMOS versions 6.7.0 through 7.0.0-rc3

Description The Time-Series Database (TSDB) component contains a SQL injection flaw. The tsdb lookup() function within the cvt model.rb file incorporates user-supplied input into a SQL query without proper sanitization. This allows a user to escape the original SQL statement and execute arbitrary SQL commands, which could lead to the deletion of data.

Recommendations Update to version 7.0.0-rc3.