OpenSSL
CVE-2026-33504
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionGitHub Advisory
Description
Following Admin APIs in Ory Hydra are vulnerable to SQL injection due to flaws in its pagination implementation:
- listOAuth2Clients
- listOAuth2ConsentSessions
- listTrustedOAuth2JwtGrantIssuers
Pagination tokens are encrypted using the secret configured in secrets.pagination. If this value is not set, Hydra falls back to using secrets.system. An attacker who knows this secret can craft their own tokens, including malicious tokens that lead to SQL injection.
Preconditions
This issue can be exploited when the following conditions are met:
- One or more admin APIs listed above are directly or indirectly accessible to the attacker
- The attacker can pass a raw pagination token to the affected API
- The configuration value
secrets.paginationis set and known to the attacker, orsecrets.paginationis not set andsecrets.systemis known to the attacker
Impact
An attacker can execute arbitrary SQL queries through forged pagination tokens.
Mitigation
As a first line of defense, immediately configure a custom value for secrets.pagination by generating a cryptographically secure random secret, for example:
openssl rand -base64 32Next, upgrade Hydra to the fixed version as soon as possible.
AnalysisAI
Ory Hydra, an OAuth 2.0 and OpenID Connect provider, contains a SQL injection vulnerability in three admin APIs (listOAuth2Clients, listOAuth2ConsentSessions, listTrustedOAuth2JwtGrantIssuers) due to insecure pagination token handling. Attackers who know the pagination secret can craft malicious encrypted tokens to execute arbitrary SQL queries. The CVSS score of 7.2 requires high privileges (PR:H), but successful exploitation grants full database access with high confidentiality, integrity, and availability impact.
Technical ContextAI
This vulnerability affects the Go-based Ory Hydra OAuth/OIDC server (pkg:go/github.com_ory_hydra). The root cause is CWE-89 (SQL Injection) in the pagination implementation where tokens are encrypted using secrets.pagination or secrets.system as a fallback. The flaw allows authenticated administrators or attackers with secret knowledge to bypass input sanitization by forging encrypted pagination tokens that contain SQL payloads. When these tokens are decrypted and processed by the admin APIs, the malicious SQL is executed against the backend database without proper parameterization or validation.
RemediationAI
Immediately generate a new cryptographically secure random secret using 'openssl rand -base64 32' and configure it as secrets.pagination in the Hydra configuration to prevent token forgery. Upgrade to the patched version of Ory Hydra as specified in the GitHub security advisory at https://github.com/ory/hydra/security/advisories/GHSA-r9w3-57w2-gch2 as soon as possible. As defense-in-depth measures, restrict network access to admin APIs to trusted IP ranges only, implement additional authentication/authorization layers before admin endpoints, rotate all existing pagination tokens after updating the secret, and audit database logs for suspicious queries that may indicate prior exploitation.
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to se
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Rated hig
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto
Same weakness CWE-89 – SQL Injection
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-r9w3-57w2-gch2