cvebase

Cern Rucio vulnerabilities

8 known vulnerabilities affecting cern/rucio.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 6

Vulnerabilities

CVE-2026-29090 | P2 | HIGH | CVSS 8.8 | ≥ 1.30.0, < 35.8.5; ≥ 36.0.0, < 38.5.5; +2 more | 2026-05-06
CVE-2026-29090 [HIGH] CWE-89: A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in `FilterEngine.create_postgres_query()`. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoint (`GET /dids//dids/search`). When the `postgres
Source: NVD

CVE-2026-29080 | P2 | HIGH | CVSS 8.8 | ≥ 1.27.0, < 35.8.5; ≥ 36.0.0, < 38.5.5; +2 more | 2026-05-06
CVE-2026-29080 [HIGH] CWE-89: A SQL injection vulnerability in `FilterEngine.create_sqla_query()` allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint (`GET /dids//dids/search`). On Oracle deployments attacker-controlled filter keys and values are interpolated directly into `sqlalchemy.text()` via Python `.format(
Source: NVD

CVE-2026-25138 | P4 | MEDIUM | CVSS 5.3 | fixed in 35.8.3; ≥ 36.0.0, < 38.5.4; +1 more | 2026-02-25
CVE-2026-25138 [MEDIUM] CWE-204: Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username exists, allowing unauthenticated attackers to enumerate
Source: NVD

CVE-2026-25136 | P4 | MEDIUM | CVSS 6.1 | fixed in 35.8.3; ≥ 36.0.0, < 38.5.4; +1 more | 2026-02-25
CVE-2026-25136 [MEDIUM] CWE-79: Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability was located in versions prior to 35.8.3, 38.5.4, and 39.3.1 in the rendering of the ExceptionMessage of the WebUI 500 error which could allow attackers t
Source: NVD

CVE-2026-25733 | P4 | MEDIUM | CVSS 5.4 | fixed in 35.8.3; ≥ 36.0.0, < 38.5.4; +1 more | 2026-02-25
CVE-2026-25733 [MEDIUM] CWE-79: Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the Custom Rules function of the WebUI where attacker-controlled input is persisted by the backen
Source: NVD

CVE-2026-25735 | P4 | MEDIUM | CVSS 4.8 | fixed in 35.8.3; ≥ 36.0.0, < 38.5.4; +1 more | 2026-02-25
CVE-2026-25735 [MEDIUM] CWE-79: Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the Identity Name of the WebUI where attacker-controlled input is persisted by the backend and la
Source: NVD

CVE-2026-25736 | P4 | MEDIUM | CVSS 4.8 | fixed in 35.8.3; ≥ 36.0.0, < 38.5.4; +1 more | 2026-02-25
CVE-2026-25736 [MEDIUM] CWE-79: Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the Custom RSE Attribute of the WebUI where attacker-controlled input is persisted by the backend
Source: NVD

CVE-2026-25734 | P4 | MEDIUM | CVSS 4.8 | fixed in 35.8.3; ≥ 36.0.0, < 38.5.4; +1 more | 2026-02-25
CVE-2026-25734 [MEDIUM] CWE-79: Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the RSE metadata of the WebUI where attacker-controlled input is persisted by the backend and lat
Source: NVD