Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionGitHub Advisory
Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution (RCE) vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the database server by injecting SQL through the unsanitized timeZone parameter in the REST API groupBy endpoint. The timeZone field within the group_by query parameter is directly interpolated into a raw SQL expression using JavaScript template literals without any parameterization, validation, or escaping. This affects engine/api/graphql/graphql-query-runner/group-by/resolvers/utils/get-group-by-expression.util.ts.
AnalysisAI
Remote code execution in Twenty CRM versions 1.7.7 through 1.16.7 allows authenticated users to execute arbitrary OS commands on the database server by chaining SQL injection in the REST API groupBy endpoint with PostgreSQL's COPY TO PROGRAM functionality. The unsanitized timeZone parameter is interpolated directly into raw SQL via JavaScript template literals, and exploitation succeeds whenever the application's Postgres role holds superuser privileges. Publicly available exploit code exists per SSVC, though EPSS scoring (0.15%) suggests exploitation activity has not yet become widespread.
Technical ContextAI
Twenty is an open-source CRM platform whose GraphQL/REST query runner builds PostgreSQL group_by expressions in engine/api/graphql/graphql-query-runner/group-by/resolvers/utils/get-group-by-expression.util.ts. The timeZone field inside the group_by query parameter is concatenated into a raw SQL fragment using JavaScript template literals, with no parameter binding, allow-listing, or escaping - a textbook CWE-78 (OS Command Injection) outcome enabled by SQL injection. PostgreSQL's COPY ... TO PROGRAM directive lets a superuser pipe query output through an OS command, so once SQLi is achieved on a database connection whose role has SUPERUSER, the injected statement reaches the underlying shell of the database host. The affected CPE is cpe:2.3:a:twentyhq:twenty covering all versions in the stated range.
RemediationAI
Upgrade Twenty CRM to a release later than 1.16.7 as described in the vendor advisory at https://github.com/twentyhq/twenty/security/advisories/GHSA-jgx4-6mr9-9573; the input data does not name a specific fixed tag, so upstream fix available per advisory but released patched version not independently confirmed - consult the GHSA before deploying. As immediate compensating controls, reconfigure the application's PostgreSQL role to remove SUPERUSER (this alone blocks COPY TO PROGRAM and downgrades the bug from RCE to SQLi, with the side effect that any Twenty features relying on superuser-only operations must be reviewed), block or proxy-filter the REST API groupBy endpoint at the reverse proxy to reject group_by parameters containing quote, semicolon, or COPY/PROGRAM tokens (may break legitimate group-by queries with unusual time zones), and restrict access to the API to trusted networks or via authenticated VPN since exploitation requires only a valid low-privilege account. Rotate database credentials and audit logs for unexpected COPY TO PROGRAM statements after patching.
More in PostgreSQL
View allPostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() improperl
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows re
Unauthenticated arbitrary file write in Splunk Enterprise (below 10.2.4 and 10.0.7) and Splunk Cloud Platform (below 10.
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allow
The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate t
A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitra
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_serve
## Summary An unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query strin
Parse Server is an open source http web server backend. Rated critical severity (CVSS 10.0), this vulnerability is remot
Hard-coded default PostgreSQL credentials shipped in the docker-compose.yaml of langgenius Dify through version 1.5.1 al
A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for
Same weakness CWE-78 – OS Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31907