CyberRota
← Ana sayfaya dön

CVE-2026-54698

UNKNOWN · CVSS N/A Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-07T22:16:53.500 · Çekilme zamanı: 2026-07-08T00:05:59.249277+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

GitHub PoC Linkleri

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-54698
Severity
UNKNOWN
CVSS
N/A
EPSS
Yok
Oracle

Orijinal NVD Açıklaması

Hasura is an open-source product that provides users GraphQL or REST APIs. Prior to 2.49.2 and 2.45.5, a user can use a where clause on a table computed field (returning SETOF some_table) to infer row values that ought to be filtered for their role based on some_table's row-level permissions. While such rows cannot be returned directly, like predicates on strings for instance allow values to be brute forced efficiently with the where clause as an oracle. This issue is fixed in versions 2.49.2 and 2.45.5.