MEDIUM
hasura
CVE published 2026-07-07
CVE-2026-54698
CVE-2026-54698 is a security vulnerability in Hasura's GraphQL or REST APIs, allowing users to infer row values that ought to be filtered for their role based on some_table's row-level permissions using a where clause on a table computed field. This issue is fixed in versions 2.49.2 and 2.45.5. The vulnerability allows for potential brute-force attacks on string predicates. Affected operators, platforms, [truncated]