SQL Injection Vulnerability in Datadog Vector
CVE-2026-39196

9.8CRITICAL

Key Information:

Status
Vendor
CVE Published:
15 June 2026

What is CVE-2026-39196?

A SQL injection vulnerability has been identified in Datadog's Vector product, specifically within the set_uri_query parameter of the KeyPartitioner::partition function. This vulnerability enables attackers to potentially manipulate SQL queries, allowing unauthorized access to sensitive database information through crafted SQL statements.

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.