← العودة للجدول
CVE-2026-61667
CVE-2026-61667 — DIRAC is vulnerable to RCE in FileCatalog DatasetManager via SQL injection + eva
📅 2026-07-13
🔴 Critical 🔥 No GHSA Exploit Web CVSS 9.9

📋 الوصف الكامل

### Summary The FileCatalog DatasetManager runs a query on the database and passes the result to eval. The SQL query contains an injection vulnerability which allows an authenticated user to control the parameter returned to the eval resulting in remote code execution. ### Details The FileCatalog checkDataset function passes its datasets argument directly to the backend DB handler: https://githu

💻 الأنظمة المتأثرة

⚠️ نوع التهديد

Exploit

🔗 CVE ID

CVE-2026-61667

📡 المصدر

GHSA

✅ الحلول والتخفيف

Update to v8.0.79

🔗 المصدر الأصلي ← 📘 NVD ← ⚡ CISA KEV ← 🔍 Valters IT ←