HIGH
dbgate
CVE published 2026-06-15
CVE-2026-48017
CVE-2026-48017 is a high-severity vulnerability in DbGate, a cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. This allows an authenticated user with basic access (no admin role, no run-shell-script permission required) to [truncated]