CVE Catalog

CVE-2026-12206

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

9th percentile — higher than 9% of all known CVEs

Summary

A vulnerability was identified in Grit42 Grit up to version 0.11.0, affecting the function Grit::Assays::DataTableEntity in the file modules/assays/backend/app/models/grit/assays/data_table_entity.rb. The manipulation leads to SQL injection.

Risk Assessment

The attack can be carried out remotely, and public exploits are available, increasing the risk of this vulnerability being exploited.

Recommendation

It is recommended to update to the latest version of Grit42 to mitigate this vulnerability and to monitor systems for potential attacks.

Original NVD description (English source)

A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/data_table_entity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS