2026-01-21 17:27:31
VulnCheck
PUBLISHED
Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL query manipulation. Attackers can inject commands into the run_sql endpoint by crafting malicious GraphQL queries that execute system commands through PostgreSQLs COPY FROM PROGRAM functionality.