SQL Injection in Openremote
CVE-2026-62238
OpenRemote before 1.26.0 contain an authenticated SQL injection vulnerability in the datapoint crosstab export endpoint that constructs PostgreSQL queries by concatenating asset display names into raw SQL. An authenticated attacker with as…
Vulnerability class: SQL Injection
Affected products
- Openremote — versions 0, 1.26.0
Weakness classification (CWE)
References
- disclosure@vulncheck.com (vendor-advisory)
- disclosure@vulncheck.com (third-party-advisory)