{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-29953", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-30T19:34:41.384Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-30T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-30T16:06:37.277Z"}, "descriptions": [{"lang": "en", "value": "SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gist.github.com/b0b0haha/fb59199fb1fdf9414e76442e0599bfed"}, {"url": "https://github.com/b0b0haha/SchemaHero--Sqlinjection/blob/main/README.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T19:33:52.741083Z", "id": "CVE-2026-29953", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T19:34:41.384Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-29953", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T19:33:52.741083Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T18:49:53.107Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://gist.github.com/b0b0haha/fb59199fb1fdf9414e76442e0599bfed"}, {"url": "https://github.com/b0b0haha/SchemaHero--Sqlinjection/blob/main/README.md"}], "descriptions": [{"lang": "en", "value": "SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-30T16:06:37.277Z"}}}, "cveMetadata": {"cveId": "CVE-2026-29953", "state": "PUBLISHED", "dateUpdated": "2026-03-30T19:34:41.384Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-30T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schemahero:schemahero:*:*:*:*:*:*:*:*", "matchCriteriaId": "66D6AE8B-3D4C-4AB1-9176-EA0DEF149589", "versionEndIncluding": "0.23.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en SchemaHero 0.23.0 a trav\u00e9s del par\u00e1metro column a la funci\u00f3n columnAsInsert en el archivo plugins/postgres/lib/column.go."}], "id": "CVE-2026-29953", "lastModified": "2026-04-02T20:10:42.580", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 3.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-30T16:16:04.433", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/b0b0haha/fb59199fb1fdf9414e76442e0599bfed"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/b0b0haha/SchemaHero--Sqlinjection/blob/main/README.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.23.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "schemahero", "vendor": "schemahero"}], "analysis": {"en": {"generated_at": "2026-04-02T23:07:38.150199+00:00", "value": {"mitigation_remediation": ["Upgrade SchemaHero to a newer release that removes the SQL injection flaw (e.g., 0.24.0 or later).", "If an upgrade cannot be performed immediately, block or narrow external network access to the SchemaHero API endpoint using firewall rules or IAM policies.", "Enable detailed logging of API requests and SQL executions, and routinely monitor for anomalous queries or error messages that may indicate injection attempts."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized Data Access via SQL Injection"}, "threat_synthesis": {"affected_systems": "SchemaHero, the Kubernetes schema\u2011management utility, is affected in version\u00a00.23.0. The vulnerable code resides in the PostgreSQL plugin, so any deployment that exposes the API surface of this version is susceptible to exploitation.", "description_and_impact": "A SQL injection vulnerability exists in SchemaHero 0.23.0 within the columnAsInsert function of the PostgreSQL plugin. By manipulating the column parameter, an attacker can influence the SQL statement that the tool constructs, potentially allowing the attacker to read or modify database content. This flaw is a classic instance of CWE\u201189 and directly threatens the confidentiality and integrity of data managed by PostgreSQL.", "risk_and_exploitability": "The CVSS assessment of 7.4 indicates a high severity level, and the EPSS score is below 1\u202f%, suggesting low current exploitation likelihood. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote via the exposed API endpoint, requiring only network access to the SchemaHero control plane. Once exploited, an attacker could potentially retrieve or tamper with any data housed in the targeting PostgreSQL instance, creating a significant risk to organizational assets."}}}}, "created": "2026-03-31T20:00:29.614044+00:00", "updated": "2026-04-03T09:38:23.028921+00:00", "vendors": ["schemahero", "schemahero$PRODUCT$schemahero"]}