CVE-2026-12188
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk9th percentile — higher than 9% of all known CVEs
Summary
A vulnerability was detected in Grit42 Grit up to version 0.11.0, affecting some unknown functionality in the file modules/core/backend/app/controllers/concerns/grit/core/grit_entity_controller.rb of the GritEntityController component. Manipulating this functionality leads to SQL injection.
Risk Assessment
An attacker can remotely exploit this vulnerability, posing a serious threat to the security of data within the organization. The public availability of the exploit increases the risk of attacks.
Recommendation
It is recommended to immediately update Grit to the latest version to eliminate this vulnerability. A security audit of the application should also be conducted to detect potential exploits.
Original NVD description (English source)
A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules/core/backend/app/controllers/concerns/grit/core/grit_entity_controller.rb of the component GritEntityController. Performing a manipulation results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

