CVE-2026-42032 Security Details

CVE ID

CVE-2026-42032

CWE

CWE-863

CVE Description

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed in 2.10.10 and 2.11.5.

Published

May 6, 2026

CVSS Score & Severity

9.1Critical

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score

0.033%

Malware

malware

KEV Status

Not in KEV Catalog: No known exploits

Affected Ecosystems

affected

Source

National Vulnerability Database

References

https://github.com/ckan/ckan/security/advisories/GHSA-cg4x-64p3-x59hPROJECT