Skip to main content

Recce CVE-2026-49360

HIGH
External Control of File Name or Path (CWE-73)
2026-07-02 https://github.com/DataRecce/recce GHSA-rh62-j648-g5qc
Share

Severity by source

vuln.today AI
9.1 CRITICAL

Unauthenticated network-reachable query API (AV:N/PR:N/UI:N) yields arbitrary file read and write (C:H/I:H); availability not clearly impacted (A:N); scope kept Unchanged as impact stays within the process's host/container.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Lifecycle Timeline

1
Analysis Generated
Jul 02, 2026 - 21:50 vuln.today

DescriptionCVE.org

Impact

Recce OSS server deployments that expose the server to an untrusted network without authentication are vulnerable to unauthenticated SQL execution through the query run API.

When Recce is configured with a DuckDB-backed project, an attacker can use DuckDB filesystem primitives to read and write files accessible to the Recce server process. The impact depends on how Recce is deployed, but may include disclosure of local files, tampering with Recce/dbt artifacts, modification of browser-served static files leading to stored XSS, and modification of application files if those paths are writable. If Recce is run as root, file access occurs with root privileges inside that host or container.

Patches

This issue has been patched in Recce v1.50.0. Users should upgrade to Recce v1.50.0 or later.

The patch restricts unsafe file read/write behavior for DuckDB-backed query execution and hardens the affected query path. Other warehouse adapters have also been reviewed for similar exposure.

Credits

Thanks to Sitampan (@hxcbtc) for responsibly reporting this issue.

Workarounds

Users who cannot upgrade immediately should avoid exposing recce server to the public internet or any untrusted network.

Recommended mitigations include enabling authentication or placing Recce behind an authenticated reverse proxy/VPN, running Recce as a non-root user, using a read-only application filesystem where possible, and ensuring that sensitive files or credentials are not available to the Recce process.

AnalysisAI

Unauthenticated arbitrary file read/write in Recce OSS server (DataRecce, PyPI package 'recce') affects DuckDB-backed deployments exposed to untrusted networks, where the query run API executes attacker-supplied SQL without authentication. By abusing DuckDB filesystem primitives an attacker can read and write files accessible to the server process, enabling local file disclosure, tampering with dbt/Recce artifacts, and injection of stored XSS into browser-served static files. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Locate exposed unauthenticated Recce server
Delivery
Send crafted SQL to query run API
Exploit
Invoke DuckDB filesystem primitives
Execution
Read local files and overwrite served static assets
Impact
Plant stored XSS / tamper artifacts as process user

Vulnerability AssessmentAI

Exploitation Requires that (1) the target run 'recce server' with a DuckDB-backed project, and (2) the server be reachable by the attacker on an untrusted network without authentication - Recce OSS has no built-in auth, so a directly exposed instance meets this by default. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment No CVSS or EPSS was supplied and the issue is not in CISA KEV, so quantitative signals are absent and severity must be inferred from the description. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker discovers an internet-exposed 'recce server' running a DuckDB-backed project with no authentication and sends a crafted request to the query run API containing DuckDB SQL that uses filesystem primitives. They read local credential files and overwrite a browser-served static asset with malicious JavaScript, planting stored XSS that fires when an operator opens the Recce UI; if the process runs as root, file access occurs with root privileges in that host or container. …
Remediation Vendor-released patch: Recce v1.50.0 - upgrade to v1.50.0 or later, which restricts unsafe file read/write behavior for DuckDB-backed query execution and hardens the affected query path (per GHSA-rh62-j648-g5qc). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Recce OSS deployments using DuckDB backend and assess network exposure to untrusted sources. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-49360 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy