Skip to main content

Dagster EUVDEUVD-2026-28368

| CVE-2026-41490 HIGH
SQL Injection (CWE-89)
2026-05-07 GitHub_M GHSA-mjw2-v2hm-wj34
8.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.3 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low

Lifecycle Timeline

3
Source Code Evidence Fetched
May 07, 2026 - 14:30 vuln.today
Analysis Generated
May 07, 2026 - 14:30 vuln.today
CVE Published
May 07, 2026 - 13:15 nvd
HIGH 8.3

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 66 pypi packages depend on dagster (64 direct, 2 indirect)
  • 3 pypi packages depend on dagster-duckdb (3 direct, 0 indirect)
  • 2 pypi packages depend on dagster-gcp (2 direct, 0 indirect)

Ecosystem-wide dependent count for version 1.13.1 and other introduced versions.

DescriptionGitHub Advisory

Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating dynamic partition key values into queries without escaping. A user with the Add Dynamic Partitions permission could create a partition key that injects arbitrary SQL, which would execute against the target database backend under the I/O manager's credentials. Only deployments that use dynamic partitions are affected. Pipelines using static or time-window partitions are not impacted. This issue has been patched in Dagster Core version 1.13.1 and Dagster libraries version 0.29.1.

AnalysisAI

SQL injection in Dagster orchestration platform allows authenticated users with 'Add Dynamic Partitions' permission to execute arbitrary SQL against DuckDB, Snowflake, BigQuery, and DeltaLake databases via crafted partition keys. Affected I/O managers interpolate dynamic partition values into WHERE clauses without sanitization, enabling attackers to read or modify data under the I/O manager's database credentials. Only deployments using dynamic partitions are vulnerable - static and time-window partitions are unaffected. Vendor-released patches are available (Dagster Core 1.13.1, libraries 0.29.1). No public exploit code identified at time of analysis, though exploitation is straightforward for authenticated users with the specific permission.

Technical ContextAI

Dagster is a Python-based data orchestration platform that manages data pipelines and asset dependencies. The vulnerability resides in four I/O manager integrations (DuckDB, Snowflake, BigQuery, DeltaLake) that construct SQL WHERE clauses for partition filtering. These managers use string interpolation rather than parameterized queries when incorporating dynamic partition key values, violating CWE-89 (SQL Injection) best practices. The affected CPE is cpe:2.3:a:dagster-io:dagster for the core platform. Dynamic partitions in Dagster allow runtime definition of data slices, and partition keys are user-controlled strings. When an I/O manager builds queries like 'SELECT * FROM table WHERE partition_key = ' + user_input without escaping, it creates classic SQL injection vectors. The vulnerability spans multiple Python packages: dagster-duckdb, dagster-snowflake, dagster-gcp (BigQuery), and core dagster package (DeltaLake). Static partitions (predefined ranges) and time-window partitions (date-based) use different code paths that properly escape values, making them immune.

RemediationAI

Update to patched versions: Dagster Core 1.13.1 and all Dagster library packages to 0.29.1 (dagster-duckdb, dagster-snowflake, dagster-gcp 0.29.1). Release available at https://github.com/dagster-io/dagster/releases/tag/1.13.1. The fix implements proper SQL escaping of partition key values before query construction across all affected I/O managers. No configuration changes required alongside the update - only Python package versions need upgrading. Dagster+ agents, OSS daemons, and webservers do not require separate updates. For organizations unable to apply patches immediately, the vendor provides manual workarounds at https://gist.github.com/gibsondan/6d0c483f8499a8b1cd460cddc9fd8f72 (workarounds not detailed in provided data, but likely involve input validation or restricting dynamic partition creation). Compensating control: audit and restrict 'Add Dynamic Partitions' permission to only users who already have equivalent database access through other means, reducing attack surface. In Dagster+, review custom RBAC configurations to ensure this permission aligns with actual database access needs. Consider temporarily disabling dynamic partitions on affected I/O managers if operationally feasible, forcing use of static or time-window partitions which are not vulnerable. Trade-off: restricting permissions or disabling dynamic partitions reduces pipeline flexibility for legitimate use cases like event-driven data processing.

Share

EUVD-2026-28368 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy