Description
An issue in the sqlo_untry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
Published: 2026-06-23
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An issue in the sqlo_untry component of OpenLink Virtuoso OpenSource, version 7.2.11, allows attackers to cause a Denial of Service by sending specially crafted SQL statements. This flaw corresponds to CWE-89 and results in the database becoming unavailable to legitimate users.

Affected Systems

This vulnerability affects OpenLink Virtuoso OpenSource, specifically the sqlo_untry module in version 7.2.11. Systems running this exact version are susceptible; newer releases may contain a fix.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity. The EPSS score is not available, and the vulnerability is not listed in CISA KEV. Exploitation requires sending crafted SQL statements to the sqlo_untry component, which may be achieved by accessing the database interface. Successful exploitation results in a Denial of Service.

Generated by OpenCVE AI on June 24, 2026 at 01:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a Virtuoso OpenSource release that fixes the sqlo_untry DoS flaw, preferably the latest release in the 7.2 series
  • Apply database-level timeouts, resource quotas, and restrict network access to the database server to trusted hosts only
  • Implement input validation for all incoming SQL queries and monitor error logs for repeated failures

Generated by OpenCVE AI on June 24, 2026 at 01:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 02:15:00 +0000

Type Values Removed Values Added
Title Denial of Service Vulnerability in Virtuoso sqlo_untry Component

Tue, 23 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Title sqlo_untry Component Denial of Service via Crafted SQL in Virtuoso OpenSource
Weaknesses CWE-770

Tue, 23 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Title sqlo_untry Component Denial of Service via Crafted SQL in Virtuoso OpenSource
Weaknesses CWE-770

Tue, 23 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 23 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Description An issue in the sqlo_untry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-23T17:51:13.834Z

Reserved: 2025-09-26T00:00:00.000Z

Link: CVE-2025-61029

cve-icon Vulnrichment

Updated: 2026-06-23T17:50:58.684Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T02:00:05Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')