CVE-2026-12206
Grit42 Grit data_table_entity.rb DataTableEntity sql injection
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/data_table_entity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
| CWE | CWE-89 CWE-74 |
| Vendor | grit42 |
| Product | grit |
| Published | Jun 15, 2026 |
Stay Ahead of the Next One
Get instant alerts for grit42 grit
Be the first to know when new medium vulnerabilities affecting grit42 grit are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Grit42 / Grit
0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 0.10 0.11.0
References
vuldb.com: https://vuldb.com/vuln/370848 vuldb.com: https://vuldb.com/vuln/370848/cti vuldb.com: https://vuldb.com/cve/CVE-2026-12206 vuldb.com: https://vuldb.com/submit/831646 github.com: https://github.com/natanmorette-thoropass/thoropass-vuln-research-program/tree/main/2026/SQL%20Injection%20in%20grit42%20Data%20Table%20Entity%20Endpoint
Credits
๐ manfred-thoropass (VulDB User) VulDB CNA Team