CVE-2026-12206
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk9th percentile — higher than 9% of all known CVEs
Summary
A vulnerability was identified in Grit42 Grit up to version 0.11.0, affecting the function Grit::Assays::DataTableEntity in the file modules/assays/backend/app/models/grit/assays/data_table_entity.rb. The manipulation leads to SQL injection.
Risk Assessment
The attack can be carried out remotely, and public exploits are available, increasing the risk of this vulnerability being exploited.
Recommendation
It is recommended to update to the latest version of Grit42 to mitigate this vulnerability and to monitor systems for potential attacks.
Original NVD description (English source)
A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/data_table_entity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

