SQL Injection in Openremote

CVE-2026-62238

OpenRemote before 1.26.0 contain an authenticated SQL injection vulnerability in the datapoint crosstab export endpoint that constructs PostgreSQL queries by concatenating asset display names into raw SQL. An authenticated attacker with as…

Vulnerability class: SQL Injection

Affected products

Weakness classification (CWE)

References