Vulnerabilities

CVE-2026-28438 - CocoIndex Doris target connector didn't verify table name when constructing ALTE...

2026-03-06 0 views admin
CVE-2026-28438 - CocoIndex Doris target connector didn't verify table name when constructing ALTE...

CVE ID : CVE-2026-28438 Published : March 6, 2026, 7:15 a.m. | 43 minutes ago Description : CocoIndex is a data transformation framework for AI. Prior to version 0.3.34, the Doris target connector didn't verify the configured table name before creating some SQL statements (ALTER TABLE). So, in the application code, if the table name is provided by an untrusted upstream, it expose vulnerability to SQL injection when target schema change. This issue has been patched in version 0.3.34. Severity: 6.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

Severity
MEDIUM
Published
March 6, 2026
Impact: SQL injection

🏷️ Tags

28438cocoindexdoristargetconnectorverifytableconstructingcvesql injection

More from Vulnerabilities

CVE-2025-69652 - GNU Binutils Denial of Service Vulnerability

CVE-2025-69652 - GNU Binutils Denial of Service Vulnerability

2026-03-06 0
CVE-2025-69650 - GNU Binutils Double Free Vulnerability

CVE-2025-69650 - GNU Binutils Double Free Vulnerability

2026-03-06 0
CVE-2025-69649 - Apache GNU Binutils Null Pointer Dereference Vulnerability

CVE-2025-69649 - Apache GNU Binutils Null Pointer Dereference Vulnerability

2026-03-06 0
CVE-2025-69653 -

CVE-2025-69653 -

2026-03-06 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views