CVE-2026-29090
high
CVSS v3
8.8
CVSS v2
—
VIR risk
8.8
Description
Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API
Predictions
Exploit likelihood
92%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: security-advisories@github.com — https://github.com/rucio/rucio/security/advisories/GHSA-6j7p-qjhg-9947
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| PyPI | rucio | >=1.30.0,<35.8.5 | 35.8.5 |
| PyPI | rucio | >=36.0.0,<38.5.5 | 38.5.5 |
| PyPI | rucio | >=39.0.0,<39.4.2 | 39.4.2 |
| PyPI | rucio | >=40.0.0,<40.1.1 | 40.1.1 |
| PIP | rucio | >= 40.0.0, < 40.1.1 | 40.1.1 |
| PIP | rucio | >= 39.0.0, < 39.4.2 | 39.4.2 |
| PIP | rucio | >= 36.0.0, < 38.5.5 | 38.5.5 |
| PIP | rucio | >= 1.30.0, < 35.8.5 | 35.8.5 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cern | rucio | {"startIncluding":"1.30.0","endExcluding":"35.8.5"} | 35.8.5 |
References
CWEs
CWE-89
Verify integrity in audit chain (admin only). AS-IS.