CVE-2026-6093

Received Received - Intake

SQL Injection in Corteza Compose Records Filter

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: Fluid Attacks

Description

Corteza contains a SQL injection vulnerability in its Microsoft SQL Server (MSSQL) backend when filtering Compose records by the meta field.This issue affects corteza: 2024.9.8.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-05-11

Last Modified

2026-05-11

Generated

2026-06-21

AI Q&A

2026-05-11

EPSS Evaluated

2026-06-19

NVD

CVE-2026-6093

EUVD

EUVD-2026-29079

Affected Vendors & Products

Vendor	Product	Version / Range
corteza	corteza	2024.9.8

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-89	The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

CWE ID

Description

CWE-89

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

Compliance Impact

The provided information does not specify how the SQL injection vulnerability in Corteza affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-6093 is a SQL injection vulnerability in the Corteza platform version 2024.9.8, specifically affecting its Microsoft SQL Server backend when filtering Compose records by the meta field.

The issue arises from improper escaping of single quotes in SQL queries within the code, where the implementation uses strings.ReplaceAll(path, "'", "\\'") instead of the correct method of doubling single quotes as required by SQL standards.

Additionally, the vulnerability is worsened by the ParseMeta JSON path skipping validation of certain keys, allowing an attacker to exploit this flaw.

Impact Analysis

This SQL injection vulnerability can allow an attacker to manipulate database queries, potentially leading to unauthorized data access or modification.

Since the vulnerability affects filtering of Compose records by meta fields, an attacker might exploit it to extract sensitive information or alter data within the Corteza platform.

As of the disclosure date, no patch is available, which means systems running the affected version remain at risk until a fix is applied.

Detection Guidance

Detection of CVE-2026-6093 involves identifying exploitation attempts of the SQL injection vulnerability in Corteza version 2024.9.8, specifically targeting the Microsoft SQL Server backend when filtering Compose records by the meta field.

Since the vulnerability arises from improper escaping of single quotes in SQL queries, monitoring for unusual or malformed SQL queries containing single quotes or attempts to inject SQL code in the meta field filters could help detect exploitation.

No specific detection commands are provided in the available resources. However, general detection methods could include:

Using network monitoring tools to capture and analyze SQL queries sent to the MSSQL backend for suspicious patterns.
Reviewing application logs for errors or anomalies related to Compose record filtering or meta field processing.
Employing SQL Server auditing features to log and review queries that include suspicious string patterns or injection attempts.

Since no explicit commands or scripts are provided, users are advised to consult official security advisories or the Corteza project's SECURITY.md for potential detection tools or updates.

Mitigation Strategies

As of the public disclosure date, there is no available patch for CVE-2026-6093.

Immediate mitigation steps include:

Avoid using or exposing the vulnerable filtering functionality on the Compose records meta field in Corteza version 2024.9.8.
Restrict access to the Corteza application and its MSSQL backend to trusted users only, minimizing the risk of exploitation.
Monitor for suspicious activity or exploitation attempts as described in detection recommendations.
Follow the Corteza project and Fluid Attacks advisories for updates or patches addressing this vulnerability.

Hi! I’m here to help you understand CVE-2026-6093. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-6093

SQL Injection in Corteza Compose Records Filter

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart