CVE-2026-54698 - CERT CVE
ID CVE-2026-54698
Sažetak Hasura is an open-source product that provides users GraphQL or REST APIs. Prior to 2.49.2 and 2.45.5, a user can use a where clause on a table computed field (returning SETOF some_table) to infer row values that ought to be filtered for their role based on some_table's row-level permissions. While such rows cannot be returned directly, like predicates on strings for instance allow values to be brute forced efficiently with the where clause as an oracle. This issue is fixed in versions 2.49.2 and 2.45.5.
Reference
CVSS
Base: 0.0
Impact: None
Exploitability:None
Pristup
VektorSloženostAutentikacija
None None None
Impact
PovjerljivostCjelovitostDostupnost
None None None
CVSS vektor None
Zadnje važnije ažuriranje 10-07-2026 - 17:49
Objavljeno 07-07-2026 - 22:16