Description
OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary SQL statements against the application database via the DatabaseQuery interface. Attackers can submit malicious SQL queries through the qs parameter to the /admin/DatabaseQuery endpoint to extract sensitive data including usernames and password hashes from the OKM_USER table, modify permissions, or delete database records.
Published: 2026-05-26
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenKM 6.3.12 contains an unrestricted SQL execution flaw: the DatabaseQuery administration console runs whatever SQL an authenticated administrator submits in the qs parameter of the /admin/DatabaseQuery endpoint, with no restriction on statement type or target table. An attacker holding (or having stolen) an admin session can read sensitive data such as usernames and password hashes from the OKM_USER table, alter user permissions, or delete critical database records. The issue is tracked as CWE-89 (SQL Injection) and carries a CVSS v4.0 base score of 8.6 (High); the CVSS v3.1 vector scores 7.2.

Affected Systems

The flaw affects OpenKM Community Edition and OpenKM Professional Edition running version 6.3.12. Any installation of these products that exposes the /admin/DatabaseQuery interface to authenticated administrators is vulnerable; this includes standard deployments and Docker images from the official repository.

Risk and Exploitability

With a CVSS v4.0 base score of 8.6 the vulnerability is rated High, but the vector (AV:N/AC:L/PR:H/UI:N) requires an existing administrator account: an attacker must already hold privileged credentials or have compromised an admin session. No EPSS score is available and the issue is not listed in CISA's KEV catalog. Once an attacker has admin access, however, the impact on the application database is full loss of confidentiality, integrity and availability (VC:H/VI:H/VA:H), so the flaw turns any admin-account compromise into a complete database compromise.

Generated by OpenCVE AI on May 26, 2026 at 15:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenKM to a release that removes the unrestricted SQL execution. At the time of writing no fixed version or workaround is listed (see Remediation), so track the vendor's advisories and apply the fix as soon as one is published.
  • Restrict who can reach the /admin/DatabaseQuery endpoint: limit it to an administrative network or block it at a reverse proxy if the console is not needed. Note that qs is a request parameter, not a configuration setting, so it cannot be "disabled" in configuration; reducing who can reach the endpoint and who holds the administrator role is the effective control. Keep administrator accounts to the minimum needed, with strong, unique credentials, and segment the network around the OpenKM host.
  • Audit database activity for unusual queries, especially reads of OKM_USER (which holds password hashes) and any UPDATE or DELETE issued through the console. Review changes to OKM_USER and to role or permission assignments, and alert on any request to /admin/DatabaseQuery from an account or source address that does not normally administer OpenKM.
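One way to act on the audit item above, as an added example written for this page (not OpenKM or OpenCVE code): it reads web-server access logs, picks out requests to /admin/DatabaseQuery, decodes the qs parameter and ranks each request. Only the endpoint, the qs parameter and the OKM_USER table come from the advisory; the log format, the use of GET, the account names and every sample line are assumptions made for the example.

```python
"""Flag use of OpenKM's /admin/DatabaseQuery console in web-server access
logs. Added example for this advisory page, not OpenKM or OpenCVE code.

Assumptions not stated on the page: requests are recorded in Apache/Tomcat
combined access-log format, the SQL is submitted as the GET parameter qs
(a POST body would not appear in an access log), and every sample line
below is constructed for illustration.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Combined log format: ip ident user [ts] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

TARGET_PATH = "/admin/DatabaseQuery"   # endpoint named in the advisory
SENSITIVE_TABLES = {"OKM_USER"}        # holds password hashes (per advisory)
WRITE_VERBS = {"INSERT", "UPDATE", "DELETE", "DROP", "ALTER",
               "TRUNCATE", "GRANT", "REVOKE"}


def parse_line(line):
    """Split one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    # parse_qs URL-decodes the value and turns '+' back into spaces
    rec["qs"] = parse_qs(url.query).get("qs", [""])[0]
    return rec


def classify_sql(sql):
    """Return (leading verb, sorted sensitive tables referenced).

    Strips /* */ and -- comments first so that 'select/**/* from okm_user'
    is still recognised as a SELECT against OKM_USER.
    """
    cleaned = re.sub(r"/\*.*?\*/", " ", sql, flags=re.S)
    cleaned = re.sub(r"--[^\n]*", " ", cleaned)
    tokens = [t.upper() for t in re.findall(r"[A-Za-z_][A-Za-z0-9_]*", cleaned)]
    verb = tokens[0] if tokens else ""
    tables = sorted(set(tokens) & SENSITIVE_TABLES)
    return verb, tables


def triage(lines):
    """Return one finding per request to the DatabaseQuery console."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"] != TARGET_PATH:
            continue
        verb, tables = classify_sql(rec["qs"])
        if not rec["status"].startswith("2"):
            severity = "attempt"    # rejected request, still worth seeing
        elif verb in WRITE_VERBS or tables:
            severity = "high"       # data change, or password-hash table touched
        else:
            severity = "review"     # console used; confirm it was expected
        findings.append({
            "ts": rec["ts"], "ip": rec["ip"], "user": rec["user"],
            "status": rec["status"], "verb": verb, "tables": tables,
            "qs": rec["qs"], "severity": severity,
        })
    return findings


# Constructed sample log for the example; no real OpenKM traffic.
SAMPLE_LOG = """\
10.0.0.5 - admin [26/May/2026:14:02:11 +0000] "GET /admin/DatabaseQuery?qs=SELECT+*+FROM+OKM_USER HTTP/1.1" 200 5120
10.0.0.5 - admin [26/May/2026:14:03:40 +0000] "GET /admin/DatabaseQuery?qs=select/**/*+from+okm_user HTTP/1.1" 200 5120
10.0.0.5 - admin [26/May/2026:14:04:12 +0000] "GET /admin/DatabaseQuery?qs=DELETE+FROM+OKM_USER+WHERE+1%3D1 HTTP/1.1" 200 311
10.0.0.9 - dba [26/May/2026:14:05:02 +0000] "GET /admin/DatabaseQuery?qs=SELECT+COUNT(*)+FROM+OKM_DOC_STATS HTTP/1.1" 200 220
203.0.113.7 - - [26/May/2026:14:06:55 +0000] "GET /admin/DatabaseQuery HTTP/1.1" 401 0
10.0.0.5 - admin [26/May/2026:14:07:10 +0000] "GET /index.jsp HTTP/1.1" 200 9000
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f['severity']:8} {f['user']:6} {f['ip']:12} "
              f"{f['verb'] or '-':7} {f['tables']} {f['qs']}")
```

If the console submits the statement in a POST body, the access log will not contain qs; in that case capture bodies at the reverse proxy or work from the database server's own query log instead. Either way, a hit on the endpoint from an account or address that does not normally administer OpenKM is the signal to chase, since the console runs whatever statement it is given against the application database.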

Advisories

No advisories yet.

History

Tue, 26 May 2026 14:30:00 +0000

Type | Values Removed | Values Added
Description | (empty) | OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary SQL statements against the application database via the DatabaseQuery interface. Attackers can submit malicious SQL queries through the qs parameter to the /admin/DatabaseQuery endpoint to extract sensitive data including usernames and password hashes from the OKM_USER table, modify permissions, or delete database records.
Title | (empty) | OpenKM 6.3.12 Unrestricted SQL Execution via DatabaseQuery
First Time appeared | (empty) | Openkm; Openkm openkm
Weaknesses | (empty) | CWE-89
CPEs | (empty) | cpe:2.3:a:openkm:openkm:*:*:*:*:community:*:*:*; cpe:2.3:a:openkm:openkm:*:*:*:*:professional:*:*:*
Vendors & Products | (empty) | Openkm; Openkm openkm
References | (empty) | (empty)
Metrics | (empty) | cvssV3_1 {'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0 {'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-26T15:14:09.128Z

Reserved: 2026-04-27T11:38:59.195Z

Link: CVE-2026-42425

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-26T15:16:37.423

Modified: 2026-05-26T15:16:37.423

Link: CVE-2026-42425

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T15:30:08Z

Weaknesses