anonhaven
Ad

CVE-2026-34400

MEDIUM CVSS 4.0: 6.9 EPSS 0.02%
Updated Apr 10, 2026
Alerta_Project
Parameter Value
CVSS 6.9 (MEDIUM)
Affected Versions before 9.1.0
Fixed In 9.1.0
Type CWE-89 (SQL Injection)
Vendor Alerta_Project
Public PoC No

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API (q=) was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version 9.1.0.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
None
No data leak
Integrity
Low
Partial data modification
Availability
None
No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-89 SQL Injection

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Alerta_Project Alerta
cpe:2.3:a:alerta_project:alerta:*:*:*:*:*:*:*:*
 9.1.0

References 6

https://github.com/alerta/alerta/commit/aeba85a37a09e5769a7a2da56481aa979ff99a00
security-advisories@github.com
https://github.com/alerta/alerta/commit/fdd52cd1abad8d02d1dfb8ecdcdbb43b6af3b883
security-advisories@github.com
https://github.com/alerta/alerta/pull/2040
security-advisories@github.com
https://github.com/alerta/alerta/pull/712
security-advisories@github.com
https://github.com/alerta/alerta/releases/tag/v9.1.0
security-advisories@github.com
https://github.com/alerta/alerta/security/advisories/GHSA-8prr-286p-4w7j
security-advisories@github.com
Share Post Share Share Share