What is CVE-2026-29080?

CVE-2026-29080 is a high-severity vulnerability in Cern Rucio, classified under SQL Injection. CVSS score: 8.8/10. Published 2026-05-06.

How severe is CVE-2026-29080?

High severity. CVSS v3 base score is 8.8 out of 10.

SQL Injection in Cern Rucio

CVE-2026-29080

A SQL injection vulnerability in `FilterEngine.create_sqla_query()` allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint (`GET /dids/<scope>/dids/search`). On Oracle depl…

Vulnerability class: SQL Injection

EPSS: 0.000 (15.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cern Rucio
Rucio — versions >= 1.27.0, < 35.8.5, >= 35.9.0, < 38.5.5, >= 38.6.0, < 39.4.2

Weakness classification (CWE)

CWE-89 — SQL Injection

References

security-advisories@github.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2026-29080?: CVE-2026-29080 is a high-severity vulnerability in Cern Rucio, classified under SQL Injection. CVSS score: 8.8/10. Published 2026-05-06.
How severe is CVE-2026-29080?: High severity. CVSS v3 base score is 8.8 out of 10.