CVE-2026-12206 | A vulnerability was identified in Grit42 Grit up to 0.11.0. … | CVSS 6.3 MEDIUM

Description

A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/data_table_entity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Metadata

CVE ID: CVE-2026-12206
State: PUBLISHED
Assigner: VulDB
Reserved: 2026-06-14 12:19 UTC
Published: 2026-06-15 01:30 UTC
Last updated: 2026-06-15 10:35 UTC
Primary CWE: CWE-89
SQL Injection
Vendor / Product: Grit42 / Grit
Sources: cve.org · NVD

Severity & Metrics

6.3 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Grit42	Grit	—	0.1, 0.2, 0.3, 0.4 …

Weakness (CWE)

CWE	Source	Description
CWE-74	cna	Injection
CWE-89	cna	SQL Injection

CVSS scores (4)

Score	Severity	Version	Source	Vector
6.5	N/D	2.0	cna	AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
6.3	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
6.3	MEDIUM	3.0	cna	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
5.3	MEDIUM	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

References (5)

VDB-370848 | Grit42 Grit data_table_entity.rb DataTableEntity sql injection https://vuldb.com/vuln/370848
VDB-370848 | CTI Indicators (IOB, IOC, TTP, IOA) https://vuldb.com/vuln/370848/cti
CVE-2026-12206 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-12206
Submit #831646 | grit42 grit v0.8.0 through v0.11.0 SQL Injection https://vuldb.com/submit/831646
https://github.com/natanmorette-thoropass/thoropass-vuln-research-program/tree/main/2026/SQL%20Injection%20in%20grit42%20Data%20Table%20Entity%20Endpoint