CVE-2026-12076

Source
https://cve.org/CVERecord?id=CVE-2026-12076
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-12076.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-12076
Published
2026-06-30T09:10:16.189Z
Modified
2026-07-15T01:49:00.294313513Z
Severity
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
SQL Injection in Raytha CMS
Details

Raytha CMS is vulnerable to SQL Injection within the OData filter parsing pipeline.  The vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL statements against the underlying PostgreSQL database, leading to full database compromise, including credential extraction.

Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 1.5.2 but may also affect other versions.

Database specific
{
    "cna_assigner": "CERT-PL",
    "cwe_ids": [
        "CWE-89"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/12xxx/CVE-2026-12076.json"
}
References

Affected packages

Git / github.com/raythahq/raytha

Affected ranges

Type
GIT
Repo
https://github.com/raythahq/raytha
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "1.5.2"
        },
        {
            "last_affected": "1.5.2"
        }
    ]
}

Affected versions

1.*
1.5.2
v1.*
v1.5.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-12076.json"