Signal

Two vulnerabilities disclosed in Saltcorn software including unauthenticated path traversal and SQL injection


Tags: github, vulnerabilities, cve, ghsa, open_source, software_security
Evidence trail (top sources)
1 top source shown (1 domain); limited source diversity in top sources.
Overview

Two security vulnerabilities have been reported in Saltcorn, an open-source platform. One is a high-severity unauthenticated path traversal vulnerability in the sync endpoints that allows arbitrary file write and directory read (CVE-2026-40163). The other is a low-severity SQL injection in the @saltcorn/data package via the jsexprToSQL literal handler.

Entities
  • Saltcorn
  • @saltcorn/data
Score total: 0.58
Momentum 24h: 2
Posts: 2
Origins: 1
Source types: 1
Duplicate ratio: 0%
Why now
  • Both vulnerabilities were disclosed within the last 24 hours, indicating fresh risk.
  • High-severity and low-severity issues require different mitigation priorities.
  • Users and administrators of Saltcorn should urgently review and apply security updates.
Why it matters
  • Unauthenticated path traversal can lead to severe system compromise via arbitrary file writes.
  • SQL injection vulnerabilities risk data integrity and unauthorized data access.
  • Prompt patching is critical to prevent exploitation of these disclosed vulnerabilities.
LLM analysis
Topic mix: low · Promo risk: low · Source quality: high
Recurring claims
  • Saltcorn has an unauthenticated path traversal vulnerability allowing arbitrary file write and directory read
  • @saltcorn/data is vulnerable to SQL injection via jsexprToSQL Literal Handler
How sources frame it
  • Github_advisories: neutral
All evidence
@saltcorn/data vulnerable to SQL Injection via jsexprToSQL Literal Handler
github_advisories · github.com · 2026-04-10 19:30 UTC
Top publishers (this list)
  • github_advisories (1)
Top origin domains (this list)
  • github.com (1)