
CVE-2026-49490: OpenCATS SQL Injection in DataGrid Filter Handling

CVE-2026-49490
Summary

Authenticated attackers can inject malicious SQL code into OpenCATS's DataGrid filter handling, potentially allowing them to access sensitive data. This issue affects OpenCATS versions 0.9.1a and later. To mitigate this risk, update to a patched version of OpenCATS or apply security patches.

Original title
OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterab...
Original description
OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. Attackers can bypass column filterable restrictions by manipulating filter requests to execute arbitrary SQL queries against the database.
NVD CVSS 3.1: 8.1
NVD CVSS 4.0: 8.6
Vulnerability type
CWE-89 SQL Injection
Published: 31 May 2026 · Updated: 31 May 2026 · First seen: 31 May 2026