Authorization Bypass in CKAN Data Management System
CVE-2026-42032

6.7MEDIUM

Key Information:

Vendor: Ckan
Status: Ckan
Vendor: CVE Published:; 13 May 2026

What is CVE-2026-42032?

CKAN, an open-source data management system, contains a vulnerability in the datastore_search_sql component that allows attackers to bypass authorization mechanisms. This flaw can lead to unauthorized access to private resources and sensitive PostgreSQL system information, potentially compromising the integrity and confidentiality of data. It is crucial for users to upgrade to versions 2.10.10 and 2.11.5 or later to mitigate this risk and enhance security measures.

Affected Version(s)

ckan >= 2.11.0, < 2.11.5 < 2.11.0, 2.11.5

ckan < 2.10.10 < 2.10.10

References

https://github.com/ckan/ckan/security/advisories/GHSA-cg4...

x_refsource_CONFIRM

CVSS V4

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
Apr 23, 2026

CVE-2026-42032 Data

JSON

Ckan

What is CVE-2026-42032?

Affected Version(s)

References

CVSS V4

Timeline