PatchSiren cyber security CVE debrief
CVE-2026-12206 Grit42 CVE debrief
A vulnerability was identified in Grit42 Grit up to 0.11.0. The issue affects the function Grit::Assays::DataTableEntity in the file modules/assays/backend/app/models/grit/assays/data_table_entity.rb. The manipulation leads to SQL injection. The attack can be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
- Vendor: Grit42
- Product: Grit
- CVSS: LOW 2.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Users of Grit42 Grit up to 0.11.0
Technical summary
The vulnerability affects the function Grit::Assays::DataTableEntity in the file modules/assays/backend/app/models/grit/assays/data_table_entity.rb. The manipulation leads to SQL injection, which can be carried out remotely.
Defensive priority
Low
Recommended defensive actions
- Update Grit42 Grit to a version beyond 0.11.0
- Validate and sanitize input before it reaches SQL queries
- Use prepared statements to prevent SQL injection
Evidence notes
The vulnerability has a CVSS score of 2.1 and is considered Low severity. The exploit is publicly available.
Official resources
CVE-2026-12206 was published on 2026-06-15T02:16:12.477Z