VYPR

Sync Service

by Electric

CVEs (1)

  • CVE-2026-40906CriApr 21, 2026
    risk 0.57cvss 9.9epss 0.00

    Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the ElectricSQL /v1/shape API is vulnerable to error-based SQL injection, allowing any authenticated user to read, write, and destroy the full contents of the underlying PostgreSQL…