VYPR
Unrated severity · NVD Advisory · Published Jun 15, 2026

CVE-2026-39196

Description

A SQL injection in Vector 0.54.0's ClickHouse sink allows an attacker-controlled event field to redirect writes to a different ClickHouse table.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

In Datadog Vector v0.54.0, the KeyPartitioner::partition function in src/sinks/clickhouse/sink.rs renders the ClickHouse sink's database and table templates per event, before the batch is sent [1]. The rendered values are passed to set_uri_query in src/sinks/clickhouse/service.rs, which builds the HTTP query parameter INSERT INTO "<database>"."<table>" FORMAT <format> [1]. Only the table value has its double quotes backslash-escaped (table.replace('"', "\\\"")); the database value is interpolated into the SQL string as-is. A pipeline that templates the database from event data, e.g. database = "{{ target_db }}", therefore lets an attacker-controlled event field break out of the quoted identifier context and change which table the batch is written to [1]. The vulnerability is reachable only when a ClickHouse sink template includes a user-supplied event field [1].

Exploitation

An attacker must be able to send an event into a Vector 0.54.0 pipeline whose ClickHouse sink templates the database from event data, e.g. database = "{{ target_db }}" [1]. The attacker crafts an event whose target_db field carries the injection, e.g. {"message":"owned","target_db":"prod\".\"admin_logs\" FORMAT JSONEachRow -- "} [1]. When the event is rendered, the injected value closes the database identifier, supplies its own table identifier and FORMAT clause, and the trailing -- line comment swallows the remainder of the query string, so the write goes to prod.admin_logs instead of the configured table [1]. The row data itself travels in the HTTP request body rather than in the query parameter, so the comment does not affect it. No multi-statement execution is required; the injection stays within a single statement's identifier context [1].

Impact

Successful exploitation lets the attacker redirect Vector's ClickHouse INSERT to any table reachable with Vector's database credential [1]. That means unauthorized writes and potential corruption of tables that were never meant to receive pipeline data, and potential information disclosure if event data ends up in a less protected table [1]. Because the injected value ends with a -- comment, the configured table (safe_table in the example) is commented out of the statement and the attacker-chosen prod.admin_logs becomes the actual write target [1]. The rows only land if that target table exists, accepts the batch's schema, and is writable by Vector's credential.

Mitigation

As of the available references, no fixed version has been released by Datadog for CVE-2026-39196 [1]. The vulnerability was discovered in Vector v0.54.0, and users should monitor for an updated release [1]. A workaround is to avoid using attacker-controlled event fields in ClickHouse sink database or table templates; static database and table values prevent the injection [1]. The CVE is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of publication [1].

AI Insight generated on Jun 15, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

Root cause

"Asymmetric escaping of the database template value in the ClickHouse sink allows an attacker-controlled event field to break out of the quoted SQL identifier context."

Attack vector

An attacker sends a crafted event into a Vector pipeline configured with a ClickHouse sink that uses a template for the database parameter (e.g., `database = "{{ target_db }}"`). The `KeyPartitioner::partition` function renders the template per event, and `set_uri_query` builds the HTTP query parameter as `INSERT INTO "<database>"."<table>" FORMAT <format>`. Because the database value is not escaped for double quotes, an attacker can set `target_db` to a value like `prod"."admin_logs" FORMAT JSONEachRow -- `, which breaks out of the quoted identifier and comments out the remainder of the SQL statement, redirecting the insert to an unintended table [ref_id=1].

Affected code

The vulnerability resides in `KeyPartitioner::partition` (`src/sinks/clickhouse/sink.rs`) and `set_uri_query` (`src/sinks/clickhouse/service.rs`). The `database` template value is inserted into the SQL identifier without quote escaping, while the `table` value has its double quotes backslash-escaped via `table.replace('"', "\\\"")`. This asymmetric escaping allows an attacker-controlled event field to break out of the quoted identifier context.

What the fix does

The advisory does not include a published patch. The minimal remediation is to escape the database value the same way the table value already is (i.e. `database.replace('"', "\\\"")`) before it is placed inside the quoted identifier. A stricter alternative is to reject any rendered database or table value that is not a plain identifier, so templated event data can never carry quotes, dots or comment markers into the statement at all. Without a fix, an attacker who controls event fields can redirect ClickHouse writes to any table reachable by Vector's credential [ref_id=1].

Preconditions

  • (config) Vector must be configured with a ClickHouse sink that uses a template for the database parameter (e.g., database = "{{ target_db }}").
  • (input) The attacker must be able to inject events into the pipeline that reaches the ClickHouse sink.
  • (config) The target ClickHouse table must exist, have a compatible schema, and be writable by Vector's ClickHouse credential.

Reproduction

Configure Vector 0.54.0 with an input that accepts attacker-controlled events and a ClickHouse sink using `database = "{{ target_db }}"`, `table = "safe_table"`, and `format = "json_each_row"`. Send an event with `{"message":"owned","target_db":"prod\".\"admin_logs\" FORMAT JSONEachRow -- "}`. The generated query becomes `INSERT INTO "prod"."admin_logs" FORMAT JSONEachRow -- "."safe_table" FORMAT JSONEachRow`, redirecting writes to `prod.admin_logs` [ref_id=1].
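The query construction described in the Vulnerability, "What the fix does" and Reproduction sections, reproduced as an added example in Rust. This is not Vector's code and nothing in it is copied from the project: it builds the statement the way the advisory describes (table value backslash-escaped, database value raw), feeds it the advisory's payload, and places beside it the escape-both fix plus a stricter identifier allow-list that is this example's own suggestion, not something the advisory prescribes. The `write_target` helper is a small approximation of how ClickHouse reads the statement, written for this example and not ClickHouse's lexer; the `JSONEachRow` name is the ClickHouse spelling of the config's `format = "json_each_row"`.

```rust
// Added example for this advisory, not Vector's code. It reconstructs the
// query-building step the advisory describes (database value raw, table value
// backslash-escaped), applies the advisory's payload, and contrasts two hardened
// builders. `write_target` approximates how ClickHouse reads the statement and
// is written for this example only; it is not ClickHouse's lexer.

/// ClickHouse name of the `json_each_row` format used in the reproduction.
const FORMAT: &str = "JSONEachRow";

/// Query construction as described for Vector 0.54.0: only the table value is
/// escaped, the database value is interpolated into the identifier as-is.
pub fn build_query_vulnerable(database: &str, table: &str) -> String {
    format!(
        "INSERT INTO \"{}\".\"{}\" FORMAT {}",
        database,
        table.replace('"', "\\\""),
        FORMAT
    )
}

/// Minimal fix suggested in the advisory: escape the database value the same way.
pub fn build_query_escaped(database: &str, table: &str) -> String {
    format!(
        "INSERT INTO \"{}\".\"{}\" FORMAT {}",
        database.replace('"', "\\\""),
        table.replace('"', "\\\""),
        FORMAT
    )
}

/// Stricter option (an assumption of this example, not prescribed by the advisory):
/// a template-rendered value is accepted only if it is a plain identifier, so
/// quotes, dots, spaces and comment markers can never reach the SQL string.
pub fn is_plain_identifier(s: &str) -> bool {
    let mut chars = s.chars();
    matches!(chars.next(), Some(c) if c.is_ascii_alphabetic() || c == '_')
        && chars.all(|c| c.is_ascii_alphanumeric() || c == '_')
}

pub fn build_query_strict(database: &str, table: &str) -> Result<String, String> {
    for (what, value) in [("database", database), ("table", table)] {
        if !is_plain_identifier(value) {
            return Err(format!("rejected {what} value {value:?}: not a plain identifier"));
        }
    }
    Ok(format!("INSERT INTO \"{database}\".\"{table}\" FORMAT {FORMAT}"))
}

/// The `target_db` field from the advisory's payload, with the JSON escapes removed.
pub const PAYLOAD_TARGET_DB: &str = "prod\".\"admin_logs\" FORMAT JSONEachRow -- ";

/// Reads a rendered statement roughly the way ClickHouse would: two double-quoted
/// identifiers (backslash escapes honoured) after `INSERT INTO`, then `FORMAT <name>`,
/// then either end of input or a `--` line comment. Returns the (database, table)
/// that would receive the rows, or None where the statement would be a syntax error.
pub fn write_target(query: &str) -> Option<(String, String)> {
    let rest = query.strip_prefix("INSERT INTO ")?;
    let mut chars = rest.chars();
    let mut names = Vec::with_capacity(2);
    for i in 0..2 {
        if i == 1 && chars.next()? != '.' {
            return None;
        }
        if chars.next()? != '"' {
            return None;
        }
        let mut name = String::new();
        loop {
            match chars.next()? {
                '\\' => name.push(chars.next()?),
                '"' => break,
                c => name.push(c),
            }
        }
        names.push(name);
    }
    // What remains must be ` FORMAT <name>`, optionally followed by a `--` comment.
    let tail: String = chars.collect();
    let mut words = tail.trim_start().splitn(3, ' ');
    if words.next()? != "FORMAT" || words.next()?.is_empty() {
        return None;
    }
    match words.next().map(str::trim_start) {
        None | Some("") => {}
        Some(comment) if comment.starts_with("--") => {}
        Some(_) => return None,
    }
    let table = names.pop()?;
    let database = names.pop()?;
    Some((database, table))
}

fn main() {
    for (label, query) in [
        ("vulnerable", build_query_vulnerable(PAYLOAD_TARGET_DB, "safe_table")),
        ("escaped", build_query_escaped(PAYLOAD_TARGET_DB, "safe_table")),
    ] {
        println!("{label}: {query}\n  -> rows land in {:?}", write_target(&query));
    }
    println!("strict: {:?}", build_query_strict(PAYLOAD_TARGET_DB, "safe_table"));
}
```

Running it shows the vulnerable builder sending the rows to prod.admin_logs, the escaped builder keeping safe_table as the table (the odd database name simply does not exist, so the insert fails instead of being redirected), and the strict builder rejecting the event before any SQL is built. Dropping the trailing `-- ` from the payload turns the leftover `."safe_table" FORMAT JSONEachRow` into a syntax error, which is why the comment marker is part of the payload.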

Generated on Jun 15, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 1

News mentions: 0 (no linked articles in our index yet)