CVE-2026-42031: CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`
A vulnerability in `datastore_search_sql` allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information.
References
- docs.ckan.org/en/2.10/changelog.html
- docs.ckan.org/en/2.11/changelog.html
- docs.ckan.org/en/2.11/extensions/plugin-interfaces.html
- docs.ckan.org/en/2.11/maintaining/configuration.html
- github.com/advisories/GHSA-h7j7-3rx6-xvcg
- github.com/ckan/ckan
- github.com/ckan/ckan/security/advisories/GHSA-h7j7-3rx6-xvcg
- nvd.nist.gov/vuln/detail/CVE-2026-42031