CVE 8.6 HIGH

OpenCATS – SQL Injection in DataGrid Filter Handling for Tags Column_CVE-2026-49490

May 31, 2026 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. Attackers can bypass column filterable restrictions by manipulating filter requests to execute arbitrary SQL queries against the database.

AI Analysis

SQL injection vulnerability in DataGrid filter handling

Basic Information

ID CVE-2026-49490

Source VulnCheck

Published May 31, 2026 at 12:07

Affected Product

Vendor OpenCATS

Product OpenCATS

Version 0.9.1a

Affected Versions OpenCATS OpenCATS 0

CWE Classification

CWE-89

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor OpenCATS

Product OpenCATS

Version 0.9.1a

References

{
    "lastseen": "",
    "description": "OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. Attackers can bypass column filterable restrictions by manipulating filter requests to execute arbitrary SQL queries against the database.",
    "published": "2026-05-31T12:07:55.331Z",
    "modified": "2026-05-31T12:07:55.331Z",
    "type": "cve",
    "title": "OpenCATS - SQL Injection in DataGrid Filter Handling for Tags Column",
    "source": "VulnCheck",
    "references": "https://github.com/opencats/OpenCATS/security/advisories/GHSA-gmpc-j6h7-vw74\nhttps://www.vulncheck.com/advisories/opencats-sql-injection-in-datagrid-filter-handling-for-tags-column",
    "id": "CVE-2026-49490",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "OpenCATS OpenCATS 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OpenCATS",
    "version": "0.9.1a",
    "vendor": "OpenCATS",
    "ai_description": "SQL injection vulnerability in DataGrid filter handling",
    "ai_severity": "High",
    "ai_vendor": "OpenCATS",
    "ai_product": "OpenCATS",
    "ai_version": "0.9.1a",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply