CVE-2026-12206 | Grit42 Grit up to 0.11.0 data_table_entity.rb DataTableEntity sql injection

A vulnerability, which was classified as critical, has been found in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/data_table_entity.rb. The manipulation leads to sql injection.

This vulnerability is uniquely identified as CVE-2026-12206. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-12206 | Grit42 Grit up to 0.11.0 data_table_entity.rb DataTableEntity sql injection

Post correlati

CVE-2025-27380 | Altium Enterprise Server up to 7.0.5 Project Release cross site scripting

CVE-2024-23901 | GitLab Branch Source Plugin up to 684.vea_fa_7c1e2fe3 on Jenkins Project Sharing access control

CVE-2024-7059 | Genetec Security Center prior 5.12.2.1 externally-controlled input to select classes or code

CVE-2026-7032 | Tenda F456 1.0.0.5 /goform/SafeEmailFilter page buffer overflow