SQL Injection Vulnerability in OpenCATS DataGrid by OpenCATS
CVE-2026-49490

8.6HIGH

Key Information:

Vendor: Opencats
Status: Opencats
Vendor: CVE Published:; 31 May 2026

What is CVE-2026-49490?

OpenCATS version 0.9.1a is susceptible to an SQL injection vulnerability located within the DataGrid filter handling mechanism. This flaw permits authenticated users to inject malicious SQL commands by crafting specific filters aimed at the non-filterable Tags column within the Candidates DataGrid. By manipulating the filter requests, attackers can effectively bypass restrictions intended to secure the database, enabling them to execute arbitrary SQL queries, potentially compromising sensitive data.

Affected Version(s)

OpenCATS 0 <= 0.9.1a

References

https://github.com/opencats/OpenCATS/security/advisories/...

vendor-advisory

https://www.vulncheck.com/advisories/opencats-sql-injecti...

third-party-advisory

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 31, 2026
Vulnerability Reserved
May 31, 2026

CVE-2026-49490 Data

JSON

Opencats

What is CVE-2026-49490?

Affected Version(s)

References

CVSS V4

Timeline