{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-29953", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-30T19:34:41.384Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-30T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-30T16:06:37.277Z"}, "descriptions": [{"lang": "en", "value": "SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gist.github.com/b0b0haha/fb59199fb1fdf9414e76442e0599bfed"}, {"url": "https://github.com/b0b0haha/SchemaHero--Sqlinjection/blob/main/README.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T19:33:52.741083Z", "id": "CVE-2026-29953", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T19:34:41.384Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-29953", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T19:33:52.741083Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T18:49:53.107Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://gist.github.com/b0b0haha/fb59199fb1fdf9414e76442e0599bfed"}, {"url": "https://github.com/b0b0haha/SchemaHero--Sqlinjection/blob/main/README.md"}], "descriptions": [{"lang": "en", "value": "SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-30T16:06:37.277Z"}}}, "cveMetadata": {"cveId": "CVE-2026-29953", "state": "PUBLISHED", "dateUpdated": "2026-03-30T19:34:41.384Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-30T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schemahero:schemahero:*:*:*:*:*:*:*:*", "matchCriteriaId": "66D6AE8B-3D4C-4AB1-9176-EA0DEF149589", "versionEndIncluding": "0.23.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en SchemaHero 0.23.0 a trav\u00e9s del par\u00e1metro column a la funci\u00f3n columnAsInsert en el archivo plugins/postgres/lib/column.go."}], "id": "CVE-2026-29953", "lastModified": "2026-04-02T20:10:42.580", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 3.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-30T16:16:04.433", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/b0b0haha/fb59199fb1fdf9414e76442e0599bfed"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/b0b0haha/SchemaHero--Sqlinjection/blob/main/README.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-31T04:22:53.698460+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest SchemaHero release that addresses the SQL injection flaw", "If an upgrade is not immediately possible, reconfigure the database user associated with SchemaHero to have the least privileges necessary, eliminating privileges required to execute arbitrary SQL", "Validate or sanitize the column parameter before it is used in SQL statements to prevent injection", "Monitor database and application logs for suspicious query activity"], "summary": {"action": "Patch", "impact": "Data Breach via SQL Injection"}, "threat_synthesis": {"affected_systems": "Systems deploying SchemaHero version 0.23.0 are vulnerable. No other product or version information is provided. The affected environment typically involves Kubernetes clusters or similar setups where SchemaHero is used to manage PostgreSQL schemas.", "description_and_impact": "The vulnerability exists in SchemaHero 0.23.0 where the column parameter supplied to the columnAsInsert function is insufficiently validated, exposing a SQL injection flaw. This flaw allows an attacker to inject arbitrary SQL statements that are executed against the PostgreSQL database. The primary consequence is unauthorized data access and potential modification, which can lead to confidential information leakage or data integrity loss. The weakness is a classic input validation flaw classified as CWE\u201189.", "risk_and_exploitability": "The CVSS score of 7.4 marks the vulnerability as high severity, indicating significant potential impact if exploited. EPSS data is unavailable, so the likelihood of exploitation cannot be precisely quantified, but the attack vector is inferred to be remote through any interface that accepts the column parameter\u2014most likely an API or CLI used by administrators. The vulnerability is not listed in the CISA KEV catalog, suggesting no widespread public exploitation has been reported yet. Nonetheless, the combination of a high severity score and the ability to execute arbitrary SQL makes this a serious risk that should be mitigated promptly."}}}}, "created": "2026-03-31T20:00:29.614044+00:00", "title": "SQL Injection in SchemaHero Column Parameter Allows Unauthorized Data Access", "updated": "2026-03-31T20:00:29.614082+00:00", "vendors": []}