CVE-2026-39196
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
Version 0.54.0 of Datadog, Inc's Vector was found to contain a SQL injection vulnerability in the set_uri_query parameter of the KeyPartitioner::partition function. This vulnerability allows attackers to access sensitive database information via crafted SQL statements.
Risk Assessment
This vulnerability could lead to the exposure of confidential database information, posing a serious security threat to the organization.
Recommendation
It is recommended to update the Vector software to the latest version to mitigate this vulnerability and conduct a security audit of the database.
Original NVD description (English source)
Datadog, Inc Vector v0.54.0 was discovered to contain a SQL injection vulnerability in the set_uri_query parameter in the KeyPartitioner::partition function. This vulnerability allows attackers to access sensitive database information via crafted SQL statements.

