Threat Advisory

Marten Vulnerability Allows SQL Injection via the regConfig Parameter

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical

EXECUTIVE SUMMARY:

CVE-2026-45288 (CVSS 9.8) is a SQL injection vulnerability in Marten's full-text search APIs. The user-controlled regConfig parameter, which names the PostgreSQL text search configuration to use, is interpolated directly into dynamically generated PostgreSQL queries without validation or parameterization. An attacker who controls this value can break out of the intended SQL context, for example by terminating the string literal and appending arbitrary SQL, and from there mount time-based attacks, exfiltrate data via SELECT, or perform destructive actions such as DROP TABLE, subject to the privileges of the database role Marten connects with. The affected surface includes SearchAsync, PhraseSearchAsync, WebStyleSearchAsync and the related LINQ extensions whenever untrusted input reaches regConfig. The fix enforces strict validation of regConfig against a PostgreSQL identifier regex and rejects any value that does not match; as a workaround, hard-code regConfig or check it against an allowlist of known text search configurations before calling these APIs.
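The following C# is an added example written for this advisory to make the vulnerable pattern and the recommended workaround concrete; it is not Marten's own code or the upstream patch. The SQL template and table name, the identifier regex, and the allowlist contents are assumptions chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Illustrative code added to this advisory, not Marten's implementation.
// It contrasts interpolating regConfig straight into SQL (the vulnerable
// pattern) with validating regConfig before it ever reaches the query text.
public static class RegConfigGuard
{
    // Assumption: a PostgreSQL unquoted identifier starts with a letter or
    // underscore and continues with letters, digits, underscores or '$'.
    // This approximates the "PostgreSQL identifier regex" the advisory
    // refers to; the exact pattern shipped in Marten is not reproduced here.
    private static readonly Regex Identifier =
        new Regex(@"^[A-Za-z_][A-Za-z0-9_$]*$", RegexOptions.Compiled);

    // Assumption: the text search configurations this application actually
    // uses. Populate from `select cfgname from pg_ts_config` in your database.
    private static readonly HashSet<string> Allowed =
        new HashSet<string>(StringComparer.Ordinal) { "simple", "english", "german" };

    // Vulnerable pattern: the search term is parameterized (@term) but
    // regConfig is spliced into the SQL text as-is. Hypothetical template.
    public static string BuildUnsafe(string regConfig, string term) =>
        $"select id from mt_doc_post " +
        $"where to_tsvector('{regConfig}', data) @@ plainto_tsquery('{regConfig}', @term)";

    // The regex check is what the advisory says the fix enforces; the
    // allowlist is the stricter workaround it recommends for callers.
    public static bool IsValidRegConfig(string regConfig) =>
        regConfig != null && Identifier.IsMatch(regConfig) && Allowed.Contains(regConfig);

    // Hardened pattern: reject anything that is not a known identifier
    // before it can influence the generated SQL.
    public static string BuildSafe(string regConfig, string term)
    {
        if (!IsValidRegConfig(regConfig))
            throw new ArgumentException($"Invalid regConfig: {regConfig}", nameof(regConfig));
        return BuildUnsafe(regConfig, term);
    }

    public static void Main()
    {
        // Constructed attacker input: closes the string literal, appends SQL,
        // and comments out the remainder of the original statement.
        string payload = "english', data) @@ to_tsquery('x') or pg_sleep(5) is null --";

        Console.WriteLine(BuildUnsafe(payload, "hello"));
        Console.WriteLine(IsValidRegConfig("english"));
        Console.WriteLine(IsValidRegConfig(payload));

        try
        {
            BuildSafe(payload, "hello");
        }
        catch (ArgumentException e)
        {
            Console.WriteLine(e.Message);
        }
    }
}
```

Apply the same check at the call site of SearchAsync, PhraseSearchAsync or WebStyleSearchAsync when regConfig comes from a request, or better, hard-code the configuration name and never let it be user-selectable.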

RECOMMENDATION:

We recommend updating Marten to version 8.37.0 or later.

REFERENCES:

The following reports contain further technical details:
https://github.com/advisories/GHSA-vmw2-qwm8-x84c