SQLFluff CVE-2026-46374
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from Vendor (https://github.com/sqlfluff/sqlfluff) · only source for this CVE.
CVSS VectorVendor: https://github.com/sqlfluff/sqlfluff
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2Blast Radius
ecosystem impact- 1 pypi packages depend on sqlfluff (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 4.2.0.
DescriptionCVE.org
Impact
In deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to trigger a Denial of Service through resource exhaustion.
Patches
Versions 4.2.0 and up contain a configurable parse node limit, which is enabled by default, to prevent this manner of exploit.
Credit
Ori Nakar from Imperva Threat Research Team.
AnalysisAI
Denial of service in SQLFluff parser (pip/sqlfluff) versions prior to 4.2.0 allows remote unauthenticated attackers to exhaust CPU and memory resources by submitting an excessively long or malicious SQL query for linting. The flaw affects any application that exposes the SQLFluff parser to untrusted input. No public exploit identified at time of analysis, but the issue was responsibly reported by Imperva Threat Research.
Technical ContextAI
SQLFluff is a widely used Python-based SQL linter and formatter distributed via PyPI (pkg:pip/sqlfluff) that parses SQL into an abstract syntax tree before applying lint rules. The root cause maps to CWE-400 (Uncontrolled Resource Consumption): the parser previously had no upper bound on the number of parse nodes it would generate for a single input query, so an adversarially crafted long query could force the parser to allocate an unbounded tree, consuming CPU cycles and memory until the host process becomes unresponsive. The vendor fix introduces a configurable parse node limit, enabled by default starting in 4.2.0, that aborts parsing once the node ceiling is reached.
RemediationAI
Upgrade SQLFluff to vendor-released patch 4.2.0 or later (pip install --upgrade 'sqlfluff>=4.2.0'), which ships the configurable parse node limit enabled by default; see the advisory at https://github.com/sqlfluff/sqlfluff/security/advisories/GHSA-73jc-5mrq-prw7 for details. If immediate upgrade is not feasible, compensating controls include refusing to lint queries above a strict byte/length threshold at the application boundary before handing them to SQLFluff (trade-off: legitimately large generated SQL may be rejected), running the linter in a sandboxed worker with hard CPU and memory cgroup limits and short wall-clock timeouts so a runaway parse can be killed without affecting the host (trade-off: added operational complexity), and restricting the linting endpoint to authenticated internal users until the upgrade is rolled out (trade-off: removes any public self-service linting feature).
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-73jc-5mrq-prw7