VYPR
Critical severity9.8GHSA Advisory· Published May 13, 2026· Updated May 15, 2026

CVE-2026-42031

CVE-2026-42031

Description

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed in 2.10.10 and 2.11.5.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ckanPyPI
< 2.10.102.10.10
ckanPyPI
>= 2.11.0, < 2.11.52.11.5

Affected products

3
  • Ckan/CkanGHSA2 versions
    >= 2.11.0, <= 2.11.4+ 1 more
    • (no CPE)range: >= 2.11.0, <= 2.11.4
    • cpe:2.3:a:okfn:ckan:*:*:*:*:*:*:*:*range: <2.10.10
  • ghsa-coords
    Range: < 2.10.10

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.