Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionGitHub Advisory
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe API endpoint exposes a hidden ?debug=true query parameter that returns the complete raw SQL query being executed, including all table names, column names, JOIN relationships, WHERE conditions (revealing access control logic), and multi-tenant space IDs. This parameter works even when Django's DEBUG=False (production mode) and is accessible to any authenticated user regardless of their privilege level. This allows a low-privilege attacker to map the entire database schema and reverse-engineer the authorization model. Version 2.6.0 patches the issue.
AnalysisAI
Tandoor Recipes application versions prior to 2.6.0 expose complete database schema and access control logic through an undocumented debug parameter in the Recipe API endpoint, allowing any authenticated user to extract raw SQL queries including table structures, JOIN relationships, WHERE conditions, and multi-tenant space identifiers even in production environments with DEBUG=False. A proof-of-concept exploit is available (SSVC exploitation status: poc). The CVSS 4.0 score of 7.7 reflects network-based exploitation with no attack complexity, and SSVC indicates the vulnerability is automatable with partial technical impact.
Technical ContextAI
The vulnerability affects Tandoor Recipes (CPE: cpe:2.3:a:tandoorrecipes:recipes:*:*:*:*:*:*:*:*), a Python-based Django application for recipe and meal management. The root cause is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). The Recipe API endpoint implements a hidden query parameter '?debug=true' that bypasses Django's production safety controls (DEBUG=False setting) and returns complete SQL query strings to the caller. This exposes internal database implementation details including schema design, access control predicates, and tenant isolation mechanisms that should never be visible to application users. The implementation fails to restrict debug functionality to development environments or privileged administrators, treating it as a production feature accessible to any authenticated session.
RemediationAI
Upgrade Tandoor Recipes to version 2.6.0 or later, which removes the vulnerable debug parameter from the Recipe API endpoint (vendor-released patch: version 2.6.0). The fix is available through the official release at https://github.com/TandoorRecipes/recipes/releases/tag/2.6.0 and documented in the GitHub security advisory at https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-f83r-v3h5-pchf. Until patching is feasible, implement Web Application Firewall (WAF) rules or reverse proxy filtering to block HTTP requests containing the 'debug=true' query parameter on Recipe API endpoints. For multi-tenant deployments, audit logs for requests containing the debug parameter to identify potential reconnaissance activity, and review application user privilege assignments to limit blast radius of information disclosure.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16317