QwikSec

Security Database

CVE

CWE

Training

CVE-2026-42031

Published: May 13, 2026

Modified: May 15, 2026

PUBLISHED

Description

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed in 2.10.10 and 2.11.5.

Vendor	Product	Versions
ckan	ckan	affected `>= 2.11.0, < 2.11.5` affected `< 2.10.10`

Weaknesses (CWE)

References

https://github.com/ckan/ckan/security/advisories/GHSA-h7j7-3rx6-xvcg

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.