PatchSiren cyber security CVE debrief
CVE-2026-39196 Datadog, Inc CVE debrief
A SQL injection vulnerability was discovered in Datadog Vector v0.54.0. The vulnerability exists in the set_uri_query parameter of the KeyPartitioner::partition function. This allows attackers to access sensitive database information via crafted SQL statements.
- Vendor
- Datadog, Inc
- Product
- Vector
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Datadog Vector v0.54.0 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is a SQL injection issue in the KeyPartitioner::partition function of Datadog Vector v0.54.0. Specifically, the set_uri_query parameter is vulnerable to SQL injection attacks.
Defensive priority
High
Recommended defensive actions
- Update to a patched version of Datadog Vector if available.
- Use prepared statements or parameterized queries to prevent SQL injection attacks.
- Limit database privileges to the minimum required for the application.
Evidence notes
The CVE record for CVE-2026-39196 was obtained from the official CVE database.
Official resources
-
CVE-2026-39196 CVE record
CVE.org
-
CVE-2026-39196 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-39196 was published on 2026-06-15T20:16:27.567Z.