CVE-2026-22599 | Strapi up to 4.26.0/5.33.1 Database Utility db.connection.raw sql injection (GHSA-3xcq-8mjw-h6mx)

A vulnerability has been found in Strapi up to 4.26.0/5.33.1 and classified as critical. This issue affects the function db.connection.raw of the component Database Utility. This manipulation causes sql injection.

This vulnerability is handled as CVE-2026-22599. The attack can be initiated remotely. There is not any exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More