CRITICAL · 9.1

CVE-2026-42032

Vulnerability Description

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information. This vulnerability is fixed in 2.10.10 and 2.11.5.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: NONE

Affected Products

Vendor | Product | Versions
Okfn | Ckan | < 2.10.10

Related Weaknesses (CWE)

References

FAQ

What is CVE-2026-42032?

CVE-2026-42032 is a vulnerability with a CVSS score of 9.1 (CRITICAL). CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to bypass authorizat...

How severe is CVE-2026-42032?

CVE-2026-42032 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2026-42032?

Check the references section above for vendor advisories and patch information. Affected products include: Okfn Ckan.