Home / Vulnerability Intelligence / CVE-2026-32714

CVE-2026-32714 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: April 1, 2026

SciTokens - SQL Injection

Published: March 31, 2026Updated: April 1, 2026Remote Exploitable

Overview

SciTokens < 1.9.6 contains a SQL injection caused by unsafe use of str.format() in KeyCache class for SQL query construction, letting attackers execute arbitrary SQL commands on local SQLite database, exploit requires crafted input.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 2.9%(Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary SQL commands on the local database, potentially leading to data compromise or corruption.

Mitigation

Upgrade to version 1.9.6 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 31, 2026

🔴 CVE-2026-32714 - Critical (9.8) SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format() to construct SQL queries with user-supplied data (su... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32714/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-32714
Severity: Critical
CVSS Score: 9.8
Type: sql_injection
Status: unconfirmed
EPSS: 2.9%
Social Posts: 1

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

2.9%Probability of exploitation in the next 30 days