2428469 – (CVE-2026-0824) CVE-2026-0824 questdb: QuestDB UI: Cross-site Scripting vulnerability via Web Console manipulation

Bug 2428469 (CVE-2026-0824) - CVE-2026-0824 questdb: QuestDB UI: Cross-site Scripting vulnerability via Web Console manipulation

Summary: CVE-2026-0824 questdb: QuestDB UI: Cross-site Scripting vulnerability via Web...

Keywords:
Status:	NEW
Alias:	CVE-2026-0824
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-01-10 15:01 UTC by OSIDB Bzimport
Modified:	2026-01-13 13:23 UTC (History)
CC List:	20 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-01-10 15:01:51 UTC

A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 1.1.10 is recommended to address this issue. The patch is identified as b42fd9f18476d844ae181a10a249e003dafb823d. You should upgrade the affected component. The vendor confirmed early that the fix "is going to be released as a part of QuestDB 9.3.0" as well.

Note You need to log in before you can comment on or make changes to this bug.

asoldano
bbaranow
bmaxwell
brian.stansberry
darran.lofthouse
dosoudil
fjuma
istudens
ivassile
iweiss
mosmerov
msvehla
nwallace
pberan
pesilva
pjindal
pmackay
rstancel
smaestri
tom.jenkinson