PyPI: ckan
CVE-2026-42031
Safety vulnerability ID: SFTY-20260429-98550
Safety legacy ID: pyup.io-95308
Affected versions of the ckan package are vulnerable to SQL Injection and Authorization Bypass due to insufficient query validation and access control in the datastore_search_sql action. The datastore_search_sql endpoint accepts user-supplied SQL fragments and executes them against the DataStore PostgreSQL backend, allowing crafted statements to bypass the access checks intended to scope queries to public resources and to reach PostgreSQL system catalogs. On deployments where DataStore SQL search is enabled, an unauthenticated attacker can issue malicious SQL queries to read data from private resources and extract PostgreSQL system metadata that should not be exposed.
Overview
CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`
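As an added illustration (not CKAN's own code), this is the kind of authorization check the advisory says datastore_search_sql is meant to enforce: confine a query to public DataStore tables and keep it out of PostgreSQL's system catalogs. It assumes DataStore tables are named after resource ids (constructed allowlist below) and uses a deliberately simple token scanner that fails closed on anything it cannot follow; a production check should take the referenced relations from PostgreSQL's own parser rather than from a scanner like this.

```python
import re

# Constructed allowlist: DataStore tables are named after resource ids, so this is a set of table names.
PUBLIC_RESOURCES = {"a1b2c3d4-public-resource", "e5f6-another-public"}
SYSTEM_SCHEMAS = {"pg_catalog", "information_schema"}
KEYWORDS = set("SELECT FROM JOIN WHERE ON USING GROUP ORDER HAVING LIMIT OFFSET UNION EXCEPT "
               "INTERSECT LEFT RIGHT INNER OUTER FULL CROSS NATURAL LATERAL WITH AS".split())
RESETS = KEYWORDS - {"AS"}  # keywords that end a FROM list ("t AS a, u" must keep scanning)
_TOKEN = re.compile(r'"(?:[^"]|"")*"|\'(?:[^\']|\'\')*\'|[A-Za-z_][\w$]*|\d+|[(),.;*=<>]')

def _unquote(t): return t[1:-1].replace('""', '"') if t.startswith('"') else t

def referenced_relations(sql):
    """Relation names after FROM/JOIN (comma lists too); None if FROM has a subquery (fail closed)."""
    tokens = _TOKEN.findall(sql)  # comment markers are not tokens, so commented-out names still count
    refs, expect, in_list, i = [], False, False, 0
    while i < len(tokens):
        tok, up = tokens[i], tokens[i].upper()
        if up in ("FROM", "JOIN"):
            expect, in_list = True, False
        elif expect and tok == "(":
            return None  # subquery in FROM: this simple scanner cannot follow it, so fail closed
        elif tok in ("(", ")") or up in RESETS:
            expect, in_list = False, False
        elif tok == "," and in_list:
            expect = True
        elif expect and up not in KEYWORDS and not tok.startswith("'") and not tok.isdigit():
            name = _unquote(tok)
            if i + 2 < len(tokens) and tokens[i + 1] == ".":  # schema.table
                name, i = name + "." + _unquote(tokens[i + 2]), i + 2
            refs.append(name)
            expect, in_list = False, True
        i += 1
    return refs

def authorize_sql_search(sql, public_resources=PUBLIC_RESOURCES):
    """(allowed, reason): one SELECT over public DataStore tables; pg_* and system schemas denied."""
    tokens = _TOKEN.findall(sql)
    if not tokens or tokens[0].upper() != "SELECT" or ";" in tokens[:-1]:
        return False, "only a single SELECT statement is permitted"
    relations = referenced_relations(sql)
    if relations is None:
        return False, "subqueries in FROM are not supported"
    for rel in relations:
        schema, _, table = rel.rpartition(".")
        if schema.lower() in SYSTEM_SCHEMAS or table.lower().startswith("pg_"):
            return False, f"system catalog access denied: {rel}"
        if schema or table not in public_resources:
            return False, f"not a public resource: {rel}"
    return True, "ok"
```

Unqualified pg_* names are refused as well as pg_catalog.* ones because pg_catalog is implicitly on every PostgreSQL search_path, so a system table needs no schema prefix to be reachable.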
How to Fix
Mitigation and Workarounds
---
Vulnerable Functions
Functions linked to known vulnerabilities.
References
- https://getsafety.com/vulnerabilities/SFTY-20260429-98550/CVE-2026-42031
- https://data.safetycli.com/changelogs/ckan/
- https://github.com/advisories/GHSA-h7j7-3rx6-xvcg
- https://pypi.org/project/ckan
- https://github.com/ckan/ckan/security/advisories/GHSA-h7j7-3rx6-xvcg
- https://docs.ckan.org/en/2.10/changelog.html#v-2-10-10-2026-04-29
- https://docs.ckan.org/en/2.11/changelog.html#v-2-11-5-2026-04-29
- https://docs.ckan.org/en/2.11/extensions/plugin-interfaces.html#ckan.plugins.interfaces.IAuthFunctions
- https://docs.ckan.org/en/2.11/maintaining/configuration.html#ckan-datastore-sqlsearch-enabled
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
