CVE-2026-49490

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.1 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N                                    

Vulnerability Description

OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. Attackers can bypass column filterable restrictions by manipulating filter requests to execute arbitrary SQL queries against the database.

Vulnerability Details

Published Date

May 31, 2026

Last Modified

May 31, 2026

CWE ID

CWE-89

Source

NVD

Vendor

OpenCATS

Product

OpenCATS

External References

https://github.com/opencats/OpenCATS/security/advisories/GHSA-gmpc-j6h7-vw74
https://www.vulncheck.com/advisories/opencats-sql-injection-in-datagrid-filter-handling-for-tags-column

CVE-2026-49490

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment