CRITICAL
CERN
CVE published 2026-05-06
CVE-2026-29090
CVE-2026-29090 is a critical SQL injection issue in Rucio's `FilterEngine.create_postgres_query()` path. When the `postgres_meta` metadata plugin is enabled, authenticated users can supply attacker-controlled filter keys and values through the DID search endpoint and have them interpolated into raw PostgreSQL SQL. The result can include exposure, modification, or deletion of metadata, and in some environm [truncated]
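The bug class described above, shown as an added example that is not Rucio's code: a filter-to-SQL builder that pastes keys and values into the query text, next to one that takes operators from an allowlist and binds keys and values as driver parameters. The table `did_meta`, the JSONB column `data`, the `(key, operator, value)` filter shape and both function names are assumptions made for illustration.

```python
import re

# Hypothetical schema: did_meta(scope, name, data JSONB). Not Rucio's actual schema.
_OPERATORS = {"eq": "=", "ne": "<>", "gt": ">", "gte": ">=", "lt": "<", "lte": "<="}
_KEY_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")


def build_unsafe(filters):
    """Anti-pattern: filter keys and values are pasted into the SQL text."""
    clauses = [f"data->>'{k}' {_OPERATORS[op]} '{v}'" for k, op, v in filters]
    return "SELECT scope, name FROM did_meta WHERE " + " AND ".join(clauses)


def build_safe(filters):
    """Return (sql, params): operators are allowlisted, keys and values are bound."""
    clauses, params = [], []
    for key, op, value in filters:
        if op not in _OPERATORS:
            raise ValueError(f"unsupported operator: {op!r}")
        if not isinstance(key, str) or not _KEY_RE.fullmatch(key):
            raise ValueError(f"invalid metadata key: {key!r}")
        if isinstance(value, bool) or not isinstance(value, (str, int, float)):
            raise ValueError(f"unsupported value type for {key!r}")
        # %s placeholders are filled by the driver (psycopg style), never by formatting.
        if isinstance(value, str):
            clauses.append(f"data->>%s::text {_OPERATORS[op]} %s")
        else:
            clauses.append(f"(data->>%s::text)::numeric {_OPERATORS[op]} %s")
        params.extend([key, value])
    if not clauses:
        raise ValueError("at least one filter is required")
    return "SELECT scope, name FROM did_meta WHERE " + " AND ".join(clauses), params


# Constructed sample input: the second value carries a quote that ends the literal early.
SAMPLE = [("run_number", "gte", 100), ("datatype", "eq", "x' OR '1'='1")]
```

With the safe builder the SQL text is the same for any user input of a given shape, so a code review or a query log can check it against a fixed set of statement templates.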