CVE-2026-39946— OpenBao allows SQL Injection in PostgreSQL database secrets engine
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-39946
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenBao allows SQL Injection in PostgreSQL database secrets engine
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges on a role in the PostgreSQL database secrets engine, OpenBao failed to use proper database quoting on schema names provided by PostgreSQL. This could lead to role revocation failures, or more rarely, SQL injection as the management user. This vulnerability was original from HashiCorp Vault. The vulnerability is addressed in v2.5.3. As a workaround, audit table schemas and ensure database users cannot create new schemas and grant privileges on them.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenBao SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenBao是OpenBao开源的一个敏感数据管理软件。 OpenBao 2.5.3之前版本存在SQL注入漏洞,该漏洞源于在PostgreSQL数据库密钥引擎中撤销角色权限时,未对模式名称使用正确的数据库引用,可能导致角色撤销失败或SQL注入攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-39946
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-39946
请登录查看更多情报信息。
Same Patch Batch · openbao · 2026-04-21 · 4 CVEs total
| CVE-2026-39396 | 3.1 LOW | OpenBao has Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS) |
| CVE-2026-39388 | OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate | |
| CVE-2026-40264 | OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation |
IV. Related Vulnerabilities
Same product: openbao
- CVE-2026-40264
OpenBao's Token Store Allows Cross-Namespace Renewal, Revoca - CVE-2026-39396
OpenBao has Decompression Bomb via Unbounded Copy in OCI Plu - CVE-2026-39388
OpenBao's Certificate Authentication Allows Token Renewal Wi - CVE-2026-33758
OpenBao has Reflected XSS in its OIDC authentication error m - CVE-2026-33757
OpenBao lacks user confirmation for OIDC direct callback mod
Same vendor: openbao
- CVE-2026-40264
OpenBao's Token Store Allows Cross-Namespace Renewal, Revoca - CVE-2026-39396
OpenBao has Decompression Bomb via Unbounded Copy in OCI Plu - CVE-2026-39388
OpenBao's Certificate Authentication Allows Token Renewal Wi - CVE-2026-33758
OpenBao has Reflected XSS in its OIDC authentication error m - CVE-2026-33757
OpenBao lacks user confirmation for OIDC direct callback mod
Same weakness: CWE-89
- CVE-2021-47941
WordPress Plugin Survey & Poll 1.5.7.3 SQL Injection via sss - CVE-2021-47930
Balbooa Joomla Forms Builder 2.0.6 SQL Injection Unauthentic - CVE-2021-47928
Opencart TMD Vendor System 3.x Blind SQL Injection via produ - CVE-2026-8231
CodeAstro Online Catering Ordering System deleteorder.php sq - CVE-2025-14179
SQL injection in pdo_firebird via NUL bytes in quoted string
V. Comments for CVE-2026-39946
No comments yet