THREATOPS
THREAT OPSThreat News › [GHSA] GHSA-m4m7-4cw8-62j6 (critical) — DIRAC is vulnerable to RCE in FileCatalog DatasetManager via SQL injection + eval

[GHSA] GHSA-m4m7-4cw8-62j6 (critical) — DIRAC is vulnerable to RCE in FileCatalog DatasetManager via SQL injection + eval

highgithub_advisoriesPublished 2026-07-13

GHSA-m4m7-4cw8-62j6 Severity: critical CVE: CVE-2026-61667

DIRAC is vulnerable to RCE in FileCatalog DatasetManager via SQL injection + eval

### Summary The FileCatalog DatasetManager runs a query on the database and passes the result to eval. The SQL query contains an injection vulnerability which allows an authenticated user to control the parameter returned to the eval resulting in remote cod

Indicators of compromise

Original source: https://github.com/advisories/GHSA-m4m7-4cw8-62j6