CVE-2026-49490
SQL Injection in OpenCATS via DataGrid Tags Filter
Publication date: 2026-05-31
Last updated on: 2026-05-31
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| opencats | opencats | up to and including 0.9.1a |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-49490 is a high-severity SQL injection vulnerability found in OpenCATS versions up to and including 0.9.1a. It affects the DataGrid filter handling mechanism, specifically targeting the non-filterable Tags column in the Candidates DataGrid.
The vulnerability allows authenticated attackers to bypass the intended filter restrictions by crafting malicious filter requests that inject arbitrary SQL commands through the Tags column, which is supposed to be non-filterable.
This happens because the server-side processing does not properly neutralize special elements in SQL commands, leading to the execution of arbitrary SQL queries against the database.
How can this vulnerability impact me?
This vulnerability can have serious impacts including unauthorized execution of arbitrary SQL queries on the database.
- Attackers can bypass filter restrictions to access or manipulate sensitive data.
- It can compromise the confidentiality and integrity of the database.
- Since the attacker must be authenticated, it poses a risk from insider threats or compromised accounts.
- There is no patch available yet, so mitigation is limited to restricting access to affected endpoints, which does not fully resolve the issue.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves SQL injection through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid of OpenCATS. Detection would involve monitoring or testing for unusual or crafted filter requests sent to the DataGrid endpoint that manipulate the Tags column filter parameter.
Since the vulnerability requires authenticated access, detection commands or tests should be performed with valid credentials.
A possible approach is to use tools like curl or Burp Suite to send crafted HTTP requests to the DataGrid filter endpoint, attempting to inject SQL payloads in the filter parameter for the Tags column and observe if the server responds with SQL errors or unexpected data.
Example curl command to test injection (replace URL and authentication accordingly):

```
curl -X POST -d 'filter[Tags]=1 OR 1=1--' -b 'session=your_auth_cookie' https://your-opencats-instance/DataGridEndpoint
```
If the response contains SQL errors or returns data that should be restricted, it indicates the presence of the vulnerability.
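For passive detection, the same signal can be looked for in requests that have already been logged. The following is an added example, not OpenCATS code or part of the original advisory: it assumes request bodies are captured by a proxy or application log in a constructed `timestamp user=... body=...` format, that filters arrive as `filter[<Column>]=<value>` as in the sample request above, and that the `FILTERABLE` column names are placeholders to replace with the columns your grid actually exposes.

```python
import re
from urllib.parse import parse_qsl

# Assumption: columns the UI legitimately offers as filters (placeholder names).
FILTERABLE = {"First Name", "Last Name", "City", "State", "Key Skills"}
# Assumption: filter parameters look like filter[<Column>], as in the sample request.
FILTER_KEY = re.compile(r"^filter\[(?P<col>[^\]]*)\]$")
# Heuristic only: SQL syntax that rarely belongs in a grid filter value.
# Keyword hits ("and", "or") can be benign text, so triage them as low confidence.
SQL_META = re.compile(r"('|\"|;|--|#|/\*|\b(?:or|and|union|select|sleep|benchmark)\b)", re.I)

def inspect_request(body: str) -> list[str]:
    """Return findings for one form-encoded request body."""
    findings = []
    # parse_qsl percent-decodes keys and values, so encoded input is matched too.
    for key, value in parse_qsl(body, keep_blank_values=True):
        m = FILTER_KEY.match(key)
        if not m:
            continue
        col = m.group("col").strip()
        if col.lower() == "tags":
            # High confidence: the UI never filters on Tags, so any such request is crafted.
            findings.append(f"filter on non-filterable column {col!r}")
        elif col not in FILTERABLE:
            findings.append(f"filter on unknown column {col!r}")
        if SQL_META.search(value):
            findings.append(f"SQL syntax in filter value for {col!r}")
    return findings

def scan(lines):
    """Yield (timestamp, user, findings) for every log line with at least one finding."""
    for line in lines:
        ts, user, body = line.split(" ", 2)
        findings = inspect_request(body.removeprefix("body="))
        if findings:
            yield ts, user.removeprefix("user="), findings

# Constructed sample log lines for illustration; not real traffic.
SAMPLE_LOG = [
    "2026-06-01T09:14:02Z user=recruiter1 body=filter%5BLast+Name%5D=Smith&page=1",
    "2026-06-01T09:15:40Z user=recruiter2 body=filter%5BTags%5D=1+OR+1%3D1--",
    "2026-06-01T09:16:11Z user=recruiter2 body=filter%5Btags%5D=python",
]

if __name__ == "__main__":
    for ts, user, findings in scan(SAMPLE_LOG):
        print(ts, user, "; ".join(findings))
```

Because the vulnerability requires authentication, the user field on each hit identifies the account to review or suspend.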
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the affected DataGrid endpoints to only trusted and authenticated users, as the vulnerability requires authentication.
Since there is currently no patch available, administrators should limit user permissions and monitor for suspicious activity involving the Candidates DataGrid filter functionality.
Additionally, consider implementing web application firewall (WAF) rules to detect and block SQL injection attempts targeting the Tags column filter.
Plan to upgrade OpenCATS to a fixed version once a patch is released.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The SQL injection vulnerability in OpenCATS allows authenticated attackers to execute arbitrary SQL queries, potentially compromising the confidentiality and integrity of sensitive data stored in the database.
Such a compromise can lead to unauthorized access or manipulation of personal or protected health information, which may result in non-compliance with data protection regulations like GDPR and HIPAA that require safeguarding data confidentiality and integrity.
Therefore, this vulnerability poses a significant risk to compliance with these common standards and regulations by exposing sensitive data to unauthorized access or alteration.