Description
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed in 2.10.10 and 2.11.5.
Published: 2026-05-13
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An authentication bypass flaw exists in CKAN's datastore_search_sql function that allows attackers to construct arbitrary SQL queries against the underlying PostgreSQL database. The vulnerability, categorized as CWE-863, permits a malicious actor to read and potentially modify private resources without possessing valid credentials. The impact includes leaking sensitive data, exposing system configuration details, and compromising the confidentiality and integrity of the data hub.

Affected Systems

The flaw affects CKAN versions prior to 2.10.10 and 2.11.5. Users running those releases, regardless of deployment environment, are susceptible unless additional controls are in place. The affected product is the CKAN data management system developed by the CKAN community.

Risk and Exploitability

The CVSS score is 6.7, indicating moderate severity. No EPSS score is available, and the vulnerability is not listed in CISA KEV, suggesting it has not yet been widely exploited in the wild. The likely attack vector is through the unauthenticated datastore_search_sql API endpoint, which, if exposed, enables attackers to inject and execute SQL. Successful exploitation appears straightforward for anyone who can reach the endpoint, making it important to remediate promptly.

Generated by OpenCVE AI on May 13, 2026 at 20:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade CKAN to version 2.10.10 or newer 2.11.5 where the datastore_search_sql authorization checks have been corrected.
  • Restrict the datastore_search_sql endpoint by requiring authentication and appropriate permissions before allowing execution of queries.
  • For immediate protection, disable or remove the datastore_search_sql capability from the API until a patch can be applied, or enforce strict role‑based access controls for the endpoint.

Generated by OpenCVE AI on May 13, 2026 at 20:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-cg4x-64p3-x59h CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql`
History

Fri, 15 May 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Okfn
Okfn ckan
CPEs cpe:2.3:a:okfn:ckan:*:*:*:*:*:*:*:*
Vendors & Products Okfn
Okfn ckan
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

Thu, 14 May 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 13 May 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Ckan
Ckan ckan
Vendors & Products Ckan
Ckan ckan

Wed, 13 May 2026 19:15:00 +0000

Type Values Removed Values Added
Description CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed in 2.10.10 and 2.11.5.
Title CKAN: Unauthenticated Authorization Bypass in `datastore_search_sql`
Weaknesses CWE-863
References
Metrics cvssV4_0

{'score': 6.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U'}

Subscriptions

Ckan Ckan
Okfn Ckan
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-14T18:15:13.043Z

Reserved: 2026-04-23T16:05:01.708Z

Link: CVE-2026-42032

cve-icon Vulnrichment

Updated: 2026-05-14T18:15:08.210Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-13T19:17:22.853

Modified: 2026-05-15T15:02:11.310

Link: CVE-2026-42032

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T20:30:04Z

Weaknesses