CVE-2026-42032 · CRITICAL 9.1 · EPSS p28.4%

Description

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information. This vulnerability is fixed in 2.10.10 and 2.11.5.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.37% probability of exploitation · percentile 28.4% · 2026-06-18T12:00:27Z
Published: 2026-05-13
Last modified: 2026-05-15

Underlying weaknesses · 1

CWE-863

References

  1. https://github.com/ckan/ckan/security/advisories/GHSA-cg4x-64p3-x59h

Type | Target | Confidence | Tier
Weakness | Incorrect Authorization (cwe-863) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2026-42031
  2. CVE: CVE-2026-10802
  3. CVE: CVE-2026-24359
  4. CVE: Drupal Core SQL Injection Vulnerability
  5. CVE: CVE-2025-64280
  6. CVE: CVE-2025-64281

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.