SQL Injection in Red Hat Developer Hub 1.8

CVE-2026-3118

A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub (Backstage). The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into…

Vulnerability class: SQL Injection

EPSS: 0.005 (40.3th percentile).

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Frequently asked questions

What is CVE-2026-3118?
CVE-2026-3118 is a medium-severity vulnerability in Red Hat Developer Hub 1.8, classified under SQL Injection. CVSS score: 6.5/10. Published 2026-02-25.

How severe is CVE-2026-3118?
Medium severity. CVSS v3 base score is 6.5 out of 10.