Description
A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Manipulation of the argument sort.field leads to SQL injection via Hibernate. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-23
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL Injection
Action: Immediate Patch
AI Analysis

Impact

A flaw in Erupt's EruptJpaUtils due to unsanitized use of the sort.field parameter allows attackers to inject arbitrary SQL through Hibernate. The injection can lead to unauthorized data disclosure or modification, compromising the confidentiality and integrity of the application’s database.

Affected Systems

The vulnerability is present in the Erupt application released by erupts, affecting all installed versions up to and including 1.13.3.

Risk and Exploitability

The CVSS base score of 6.9 indicates a moderate severity risk. While the EPSS score is not available, the public disclosure and remote nature of the attack vector suggest that exploitation could occur with reasonable effort. The vulnerability is not listed in CISA's KEV catalog, but the lack of a vendor response amplifies the need for rapid remedial action.

Generated by OpenCVE AI on March 23, 2026 at 19:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Erupt to the latest supported version (or apply an official patch) to eliminate the vulnerability.
  • If a patch is not immediately available, implement input validation to escape or whitelist the sort.field parameter in the application code.
  • Restrict access to the affected API endpoints by requiring authentication or network-level filtering for trusted users only.
  • Apply strict database permissions so that the application connects with the minimum necessary privileges, limiting potential damage from injected SQL.
  • Continuously monitor application logs for signs of attempted SQL injection and conduct regular vulnerability scans.
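The allowlist approach from the second recommendation, shown as an added example (not Erupt's own code; the class names, the `Demo` entity and the entity alias `e` are assumptions): the ORDER BY fragment is built only from field names the entity itself declares, so a request can choose a column but never supply query text.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.Arrays;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

/** Builds an HQL ORDER BY fragment only from allowlisted identifiers. Constructed example, not Erupt code. */
public final class SafeOrderBy {
    private static final Pattern IDENT = Pattern.compile("^[A-Za-z_][A-Za-z0-9_]*$");

    private final Set<String> allowedFields;

    public SafeOrderBy(Class<?> entity) {
        // The allowlist is the entity's own non-static field names; nothing from the request defines it.
        this.allowedFields = Arrays.stream(entity.getDeclaredFields())
                .filter(f -> !Modifier.isStatic(f.getModifiers()))
                .map(Field::getName)
                .collect(Collectors.toSet());
    }

    /** sortField and direction are untrusted request values (e.g. a sort.field parameter). */
    public String clause(String sortField, String direction) {
        // Shape check first, then membership: defense in depth against anything that is not a plain identifier.
        if (sortField == null || !IDENT.matcher(sortField).matches() || !allowedFields.contains(sortField)) {
            throw new IllegalArgumentException("unknown sort field");
        }
        String dir = "desc".equalsIgnoreCase(direction) ? "DESC" : "ASC";
        // Only the validated identifier and a fixed keyword reach the query; "e" is an assumed entity alias.
        return " order by e." + sortField + " " + dir;
    }

    // Hypothetical entity used only for this demonstration.
    static class Demo { Long id; String name; java.util.Date createdAt; }

    public static void main(String[] args) {
        SafeOrderBy ob = new SafeOrderBy(Demo.class);
        System.out.println(ob.clause("createdAt", "desc"));
        for (String bad : new String[] {"created_at", "name;", "e.name"}) {
            try {
                ob.clause(bad, "asc");
            } catch (IllegalArgumentException ex) {
                System.out.println("rejected: " + bad);
            }
        }
    }
}
```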

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 15:15:00 +0000

Values removed: none
Values added:
  Metrics: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 24 Mar 2026 10:45:00 +0000

Values removed: none
Values added:
  First Time appeared: Erupt; Erupt erupt
  Vendors & Products: Erupt; Erupt erupt

Mon, 23 Mar 2026 18:00:00 +0000

Values removed: none
Values added:
  Description: A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
  Title: erupts erupt EruptJpaUtils.java geneEruptHqlOrderBy sql injection
  Weaknesses: CWE-564, CWE-89
  References: none listed
  Metrics:
    cvssV2_0 {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
    cvssV3_0 {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
    cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
    cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-24T14:11:24.887Z

Reserved: 2026-03-22T11:59:37.833Z

Link: CVE-2026-4594

Vulnrichment

Updated: 2026-03-24T14:11:21.601Z

NVD

Status: Awaiting Analysis

Published: 2026-03-23T18:16:26.937

Modified: 2026-03-24T15:54:09.400

Link: CVE-2026-4594

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T20:37:22Z

Weaknesses