VYPR
High severity8.1NVD Advisory· Published May 31, 2026· Updated Jun 1, 2026

CVE-2026-49490

CVE-2026-49490

Description

OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. Attackers can bypass column filterable restrictions by manipulating filter requests to execute arbitrary SQL queries against the database.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Opencats/Opencatsinferred2 versions
    >=0.9.1a+ 1 more
    • (no CPE)range: >=0.9.1a
    • (no CPE)range: >=0.9.1a

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.