Recce CVE-2026-49360
HIGHSeverity by source
Unauthenticated network-reachable query API (AV:N/PR:N/UI:N) yields arbitrary file read and write (C:H/I:H); availability not clearly impacted (A:N); scope kept Unchanged as impact stays within the process's host/container.
Lifecycle Timeline
1DescriptionCVE.org
Impact
Recce OSS server deployments that expose the server to an untrusted network without authentication are vulnerable to unauthenticated SQL execution through the query run API.
When Recce is configured with a DuckDB-backed project, an attacker can use DuckDB filesystem primitives to read and write files accessible to the Recce server process. The impact depends on how Recce is deployed, but may include disclosure of local files, tampering with Recce/dbt artifacts, modification of browser-served static files leading to stored XSS, and modification of application files if those paths are writable. If Recce is run as root, file access occurs with root privileges inside that host or container.
Patches
This issue has been patched in Recce v1.50.0. Users should upgrade to Recce v1.50.0 or later.
The patch restricts unsafe file read/write behavior for DuckDB-backed query execution and hardens the affected query path. Other warehouse adapters have also been reviewed for similar exposure.
Credits
Thanks to Sitampan (@hxcbtc) for responsibly reporting this issue.
Workarounds
Users who cannot upgrade immediately should avoid exposing recce server to the public internet or any untrusted network.
Recommended mitigations include enabling authentication or placing Recce behind an authenticated reverse proxy/VPN, running Recce as a non-root user, using a read-only application filesystem where possible, and ensuring that sensitive files or credentials are not available to the Recce process.
AnalysisAI
Unauthenticated arbitrary file read/write in Recce OSS server (DataRecce, PyPI package 'recce') affects DuckDB-backed deployments exposed to untrusted networks, where the query run API executes attacker-supplied SQL without authentication. By abusing DuckDB filesystem primitives an attacker can read and write files accessible to the server process, enabling local file disclosure, tampering with dbt/Recce artifacts, and injection of stored XSS into browser-served static files. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires that (1) the target run 'recce server' with a DuckDB-backed project, and (2) the server be reachable by the attacker on an untrusted network without authentication - Recce OSS has no built-in auth, so a directly exposed instance meets this by default. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | No CVSS or EPSS was supplied and the issue is not in CISA KEV, so quantitative signals are absent and severity must be inferred from the description. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker discovers an internet-exposed 'recce server' running a DuckDB-backed project with no authentication and sends a crafted request to the query run API containing DuckDB SQL that uses filesystem primitives. They read local credential files and overwrite a browser-served static asset with malicious JavaScript, planting stored XSS that fires when an operator opens the Recce UI; if the process runs as root, file access occurs with root privileges in that host or container. … |
| Remediation | Vendor-released patch: Recce v1.50.0 - upgrade to v1.50.0 or later, which restricts unsafe file read/write behavior for DuckDB-backed query execution and hardens the affected query path (per GHSA-rh62-j648-g5qc). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Recce OSS deployments using DuckDB backend and assess network exposure to untrusted sources. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-73 – External Control of File Name or Path
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-rh62-j648-g5qc