CVE-2026-45779
Analyzed Analyzed - Analysis Complete
SQL Injection in Open XDMoD Prior to 10.0.3

Publication date: 2026-06-05

Last updated on: 2026-06-10

Assigner: GitHub, Inc.

Description
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and can result in complete compromise of the underlying database. All deployments of Open XDMoD prior to 10.0.3 are impacted. This issue was discovered on 2023-08-03 and patched on 2023-08-04. At this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 10.0.3 on 2023-08-04. As a workaround, apply the patch manually.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-05
Last Modified
2026-06-10
Generated
2026-06-27
AI Q&A
2026-06-06
EPSS Evaluated
2026-06-25
NVD
CVE-2026-45779
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
buffalo open_xdmod to 10.0.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The SQL injection vulnerability in Open XDMoD prior to version 10.0.3 allows unauthenticated remote attackers to execute arbitrary SQL statements, potentially leading to complete compromise of the underlying database.

Such a compromise can result in unauthorized access, modification, or disclosure of sensitive data, which may impact compliance with data protection regulations and standards like GDPR and HIPAA that require safeguarding the confidentiality, integrity, and availability of personal and sensitive information.

Because this vulnerability can lead to a high impact on confidentiality, integrity, and availability (as indicated by its CVSS score of 9.3), organizations using affected versions of Open XDMoD may face increased risk of non-compliance if the vulnerability is exploited.

Applying the patch or upgrading to version 10.0.3 mitigates this risk by preventing SQL injection attacks.

Executive Summary

CVE-2026-45779 is an SQL injection vulnerability in Open XDMoD versions prior to 10.0.3. It allows an unauthenticated remote attacker to execute arbitrary SQL statements on the underlying database. This happens because user-supplied input was not properly sanitized before being included in SQL queries, enabling malicious input to manipulate the database commands.

The vulnerability requires no authentication or user interaction to exploit, making it particularly dangerous. It was fixed by adding proper database quoting to user inputs in the affected code methods, preventing malicious SQL injection.

Impact Analysis

Exploitation of this vulnerability can lead to complete compromise of the underlying database used by Open XDMoD. An attacker could execute arbitrary SQL commands remotely without any authentication, potentially leading to data theft, data manipulation, or destruction.

Because the attacker can run any SQL statement, this could result in loss of confidentiality, integrity, and availability of the data stored in the database.

Detection Guidance

The provided context and resources do not include specific detection methods or commands to identify exploitation or presence of this SQL injection vulnerability on your network or system.

Mitigation Strategies

To mitigate this vulnerability, the primary recommended step is to upgrade Open XDMoD to version 10.0.3 or later, where the issue has been patched.

If immediate upgrade is not possible, apply the manual patch provided for affected versions prior to 10.0.3. This patch modifies the relevant PHP files to properly quote user inputs and prevent SQL injection.

  • Upgrade Open XDMoD to version 10.0.3 or later.
  • Apply the manual patch for your version from the official security patches.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45779. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart