CVE Catalog

CVE-2026-39196

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile — higher than 5% of all known CVEs

Summary

Version 0.54.0 of Datadog, Inc's Vector was found to contain a SQL injection vulnerability in the set_uri_query parameter of the KeyPartitioner::partition function. This vulnerability allows attackers to access sensitive database information via crafted SQL statements.

Risk Assessment

This vulnerability could lead to the exposure of confidential database information, posing a serious security threat to the organization.

Recommendation

It is recommended to update the Vector software to the latest version to mitigate this vulnerability and conduct a security audit of the database.

Original NVD description (English source)

Datadog, Inc Vector v0.54.0 was discovered to contain a SQL injection vulnerability in the set_uri_query parameter in the KeyPartitioner::partition function. This vulnerability allows attackers to access sensitive database information via crafted SQL statements.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS