FKIE_CVE-2026-0603

Vulnerability from fkie_nvd - Published: 2026-01-23 07:15 - Updated: 2026-03-18 16:16
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Summary
A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application's database, resulting in an application level denial of service.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:4915
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:4916
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:4917
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:4924
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2026-0603
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2427147
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application\u0027s database, resulting in an application level denial of service."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una falla en Hibernate. Un atacante remoto con pocos privilegios podr\u00eda explotar una vulnerabilidad de inyecci\u00f3n SQL de segundo orden al proporcionar caracteres no alfanum\u00e9ricos especialmente dise\u00f1ados y no saneados en la columna ID cuando se utiliza el InlineIdsOrClauseBuilder. Esto podr\u00eda llevar a la revelaci\u00f3n de informaci\u00f3n sensible, como la lectura de archivos del sistema, y permitir la manipulaci\u00f3n o eliminaci\u00f3n de datos dentro de la base de datos de la aplicaci\u00f3n, lo que resultar\u00eda en una denegaci\u00f3n de servicio a nivel de aplicaci\u00f3n."
    }
  ],
  "id": "CVE-2026-0603",
  "lastModified": "2026-03-18T16:16:24.877",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.5,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-23T07:15:53.660",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:4915"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:4916"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:4917"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:4924"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2026-0603"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427147"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.