rucio

PyPI2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting ruciopage 1 of 1

CVE-2026-29080HIGHCVSS 8.8EG 8.8✓ Fixed in 40.1.1
2026-05-06
vulnerable: 40.0.0, 40.1.0
A SQL injection vulnerability in `FilterEngine.create_sqla_query()` allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint (`GET /dids/<scope>/dids/search`). On Oracle depl…
CVE-2026-29090HIGHCVSS 8.8EG 8.8✓ Fixed in 40.1.1
2026-05-06
vulnerable: 40.0.0, 40.1.0
### Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in `FilterEngine.create_postgres_query()`. This allows any authenticated Rucio user to execute arbitrary SQL ag…

Check whether rucio is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for rucio CVEs against the assets you own.

Start Free Scan →