Analyst readout for executives and security teams
Plain-English summary
CVE-2026-12206 is a SQL injection issue in Grit42 Grit through 0.11.0. A remote authenticated user may be able to interfere with database queries, affecting confidentiality, integrity, and availability. Public exploit material is referenced, but the provided sources do not show confirmed active exploitation.
Executive priority
Treat this as a near-term vulnerability management item. Public exploit availability increases urgency, but authentication requirements and lack of confirmed active exploitation keep it below emergency level. Prioritize exposed or multi-user deployments first.
Technical view
The issue affects Grit::Assays::DataTableEntity in modules/assays/backend/app/models/grit/assays/data_table_entity.rb. VulDB maps it to CWE-89 and CWE-74 with CVSS v2 6.5: AV:N/AC:L/Au:S/C:P/I:P/A:P. The vendor reportedly did not respond, and no fixed version is named in the supplied sources.
Likely exposure
Exposure is likely limited to organizations running Grit42 Grit versions 0.1 through 0.11.0, especially where the affected functionality is reachable by authenticated users over a network. The submission reference specifically discusses 0.8.0 through 0.11.0, so confirm exact deployed versions.
Exploitation context
The vulnerability is remotely reachable and appears to require permissions or authentication. Public exploit material is referenced by VulDB and GitHub. However, KEV is false and the supplied sources do not state that attacks are occurring in the wild.
Researcher notes
Evidence is mostly from VulDB and the referenced public research repository. The record says the vendor was contacted but did not respond. No official remediation, patch version, or in-the-wild exploitation evidence is included in the supplied sources.
Mitigation direction
- Identify all Grit42 Grit deployments and versions.
- Restrict access to Grit to trusted users and networks.
- Review vendor channels for an official advisory or fixed release.
- Reduce database privileges used by the Grit application where feasible.
- Monitor application and database logs for abnormal query errors or access patterns.
Validation and detection
- Confirm whether Grit versions 0.1 through 0.11.0 are deployed.
- Verify whether the affected DataTableEntity code path exists.
- Determine whether the affected functionality is reachable remotely.
- Confirm authentication and role requirements for access.
- Review logs for suspicious database errors without testing destructive payloads.
Public sources used
Based on public source material and reviewed before publication.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CWE-74: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Open ATT&CK lookupCWE-89: Database access and collection lookup
Injection into data stores can inform collection, data access, and exfiltration detection reviews. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Open ATT&CK lookupDatabase behavior lookup
The CVE wording references database injection or access, so collection and exfiltration review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
Open ATT&CK lookupCVE-2026-12206 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Medium
- CVSS
- 6.5 (2.0)
- Known Exploited
- No
- Published
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS vector scores
4 official scoresWe collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR 8 6.4 VulDB CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 2.8 3.4 VulDB CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 2.8 3.4 VulDB CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P — — VulDB Vulnerability scoring details
Base CVSS 4.0 score
5.3 MediumVector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Base CVSS 3.1 score
6.3 MediumVector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Base CVSS 3.0 score
6.3 MediumVector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Base CVSS 2.0 score
6.5 MediumVector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
- Source timeline VulDB
Advisory disclosed
- Source timeline VulDB
VulDB entry created
- CVE reserved CVE Program
The CVE ID was reserved by the assigning CNA.
- Source timeline VulDB
VulDB entry last update
- CVE published CVE Program
The CVE record was published.
- CVE updated CVE Program
The CVE record metadata indicates this as the latest update time.
Source materials
- CVE List V5 source CVE List V5
- VDB-370848 | Grit42 Grit data_table_entity.rb DataTableEntity sql injection CVE reference, VulDB · vdb-entry, technical-description
- VDB-370848 | CTI Indicators (IOB, IOC, TTP, IOA) CVE reference, VulDB · signature, permissions-required
- CVE-2026-12206 | CVE Analysis and Report CVE reference, VulDB · third-party-advisory
- Submit #831646 | grit42 grit v0.8.0 through v0.11.0 SQL Injection CVE reference, VulDB · third-party-advisory
- https://github.com/natanmorette-thoropass/thoropass-vuln-research-program/tree/main/2026/SQL%20Injection%20in%20grit42%20Data%20Table%20Entity%20Endpoint CVE reference, VulDB · exploit
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.