CVE-2026-42032
Severity: CRITICAL (CVSS 9.1)
WAF coverage: Low
Published: 2026-05-13
CWE-863
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to bypass authorization and gain access to private resources and PostgreSQL system information. This vulnerability is fixed in 2.10.10 and 2.11.5.
WAF Coverage Analysis
Incorrect Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| okfn | ckan | up to 2.10.10 |
| okfn | ckan | 2.11.0 - 2.11.5 |
References
- github.com (Mitigation, Vendor Advisory)