{"id":"CVE-2026-25544","summary":"Payload has an SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters","details":"Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL injection attacks. An unauthenticated attacker could extract sensitive data (emails, password reset tokens) and achieve full account takeover without password cracking. This vulnerability is fixed in 3.73.0.","aliases":["GHSA-xx6w-jxg9-2wh8"],"modified":"2026-04-10T05:40:38.016386Z","published":"2026-02-06T21:07:01.122Z","database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-89"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25544.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25544.json"},{"type":"ADVISORY","url":"https://github.com/payloadcms/payload/security/advisories/GHSA-xx6w-jxg9-2wh8"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25544"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/payloadcms/payload","events":[{"introduced":"0"},{"fixed":"b3796f587e237f91fea7ed55a4b0d3a58a78a9bd"}]}],"versions":["3.0.0-beta.22","3.0.0-beta.23","@payloadcms/db-postgres/0.1.7","bundler-vite/0.1.2","bundler-vite/0.1.3","bundler-webpack/1.0.4","bundler-webpack/1.0.5","create-payload-app/1.0.0","db-mongodb/1.0.3","db-mongodb/1.0.4","db-mongodb/1.0.5","db-postgres/0.1.10","db-postgres/0.1.11","db-postgres/0.1.3","db-postgres/0.1.5","db-postgres/0.1.7","db-postgres/0.1.8","eslint/3.0.0","eslint/3.0.0-beta.59","eslint/3.0.0-beta.97","eslint/3.28.0","eslint/3.9.0","live-preview-react/0.1.2","live-preview-react/0.1.4","live-preview-react/0.1.5","live-preview/0.1.2","live-preview/0.1.4","live-preview/0.1.5","payload/2.0.10","payload/2.0.11","payload/2.0.12","payload/2.0.13","payload/2.0.14","payload/2.0.3","payload/2.0.4","payload/2.0.6","payload/2.0.7","plugin-cloud/2.2.6","plugin-nested-docs/1.0.8","plugin-stripe/0.0.16","richtext-lexical/0.1.10","richtext-lexical/0.1.12","richtext-lexical/0.1.13","richtext-lexical/0.1.14","richtext-lexical/0.1.15","richtext-lexical/0.1.16","richtext-lexical/0.1.5","richtext-lexical/0.1.9","richtext-slate/1.0.4","richtext-slate/1.0.5","richtext-slate/1.0.6","richtext-slate/1.0.7","richtext-slate/1.1.0","v0.0.10","v0.0.101","v0.0.102","v0.0.103","v0.0.104","v0.0.105","v0.0.106","v0.0.107","v0.0.108","v0.0.109","v0.0.11","v0.0.110","v0.0.111","v0.0.112","v0.0.113","v0.0.114","v0.0.115","v0.0.116","v0.0.117","v0.0.118","v0.0.119","v0.0.12","v0.0.120","v0.0.121","v0.0.122","v0.0.123","v0.0.124","v0.0.125","v0.0.126","v0.0.128","v0.0.129","v0.0.13","v0.0.130","v0.0.131","v0.0.132","v0.0.133","v0.0.134","v0.0.135","v0.0.136","v0.0.137","v0.0.138","v0.0.139","v0.0.14","v0.0.140","v0.0.141","v0.0.15","v0.0.16","v0.0.17","v0.0.18","v0.0.19","v0.0.2","v0.0.20","v0.0.21","v0.0.22","v0.0.24","v0.0.26","v0.0.27","v0.0.28","v0.0.29","v0.0.3","v0.0.30","v0.0.31","v0.0.32","v0.0.33","v0.0.34","v0.0.35","v0.0.36","v0.0.37","v0.0.38","v0.0.39","v0.0.4","v0.0.40","v0.0.41","v0.0.42","v0.0.43","v0.0.44","v0.0.45","v0.0.46","v0.0.47","v0.0.48","v0.0.49","v0.0.5","v0.0.50","v0.0.51","v0.0.52","v0.0.53","v0.0.54","v0.0.55","v0.0.56","v0.0.57","v0.0.58","v0.0.59","v0.0.6","v0.0.60","v0.0.61","v0.0.62","v0.0.63","v0.0.64","v0.0.65","v0.0.66","v0.0.67","v0.0.68","v0.0.69","v0.0.7","v0.0.70","v0.0.71","v0.0.72","v0.0.73","v0.0.74","v0.0.75","v0.0.76","v0.0.77","v0.0.78","v0.0.79","v0.0.8","v0.0.80","v0.0.81","v0.0.82","v0.0.83","v0.0.84","v0.0.85","v0.0.86","v0.0.87","v0.0.88","v0.0.89","v0.0.9","v0.0.90","v0.0.91","v0.0.92","v0.0.93","v0.0.94","v0.0.95","v0.0.96","v0.0.97","v0.0.98","v0.0.99","v0.1.121","v0.1.122","v0.1.123","v0.1.124","v0.1.125","v0.1.126","v0.1.127","v0.1.138","v0.1.139","v0.1.140","v0.1.141","v0.1.142","v0.1.143","v0.1.144","v0.1.145","v0.1.146","v0.1.16","v0.1.17","v0.1.18","v0.1.19","v0.1.20","v0.10.10","v0.10.11","v0.10.7","v0.11.0","v0.12.0","v0.12.1","v0.12.2","v0.12.3","v0.13.0","v0.13.1","v0.13.2","v0.13.3","v0.13.4","v0.13.5","v0.13.6","v0.14.0","v0.15.0","v0.15.1","v0.15.10","v0.15.11","v0.15.12","v0.15.13","v0.15.2","v0.15.3","v0.15.4","v0.15.5","v0.15.6","v0.15.7","v0.15.8","v0.15.9","v0.16.1","v0.16.2","v0.16.3","v0.16.4","v0.17.0","v0.17.1","v0.17.2","v0.17.3","v0.18.0","v0.18.1","v0.18.2","v0.18.3","v0.18.4","v0.18.5","v0.19.2","v0.2.0","v0.2.10","v0.2.11","v0.2.12","v0.2.13","v0.2.2","v0.2.3","v0.2.4","v0.2.5","v0.2.6","v0.2.8","v0.2.9","v0.20.1","v0.3.0","v0.5.10","v0.5.7","v0.5.8","v0.5.9","v0.6.0","v0.6.1","v0.6.10","v0.6.2","v0.6.3","v0.6.4","v0.6.5","v0.6.6","v0.6.7","v0.6.8","v0.6.9","v0.7.2","v0.7.3","v0.7.4","v0.7.5","v0.7.6","v1.0.10","v1.0.12","v1.0.13","v1.0.14","v1.0.15","v1.0.16","v1.0.17","v1.0.18","v1.0.19","v1.0.20","v1.0.21","v1.0.22","v1.0.23","v1.0.24","v1.0.25","v1.0.26","v1.0.27","v1.0.28","v1.0.29","v1.0.30","v1.0.33","v1.0.34","v1.0.35","v1.0.36","v1.0.4","v1.0.5","v1.0.6","v1.0.7","v1.0.8","v1.0.9","v1.1.10","v1.1.11","v1.1.13","v1.1.14","v1.1.15","v1.1.16","v1.1.17","v1.1.18","v1.1.19","v1.1.20","v1.1.21","v1.1.22","v1.1.23","v1.1.24","v1.1.25","v1.1.26","v1.1.4","v1.1.5","v1.1.6","v1.1.7","v1.1.8","v1.1.9","v1.2.0","v1.2.1","v1.2.2","v1.2.3","v1.2.4","v1.2.5","v1.3.0","v1.3.1","v1.3.2","v1.3.3","v1.3.4","v1.4.0","v1.4.1","v1.4.2","v1.5.0","v1.5.1","v1.5.2","v1.5.3","v1.5.4","v1.5.5","v1.5.6","v1.5.7","v1.5.8","v1.5.9","v1.6.1","v1.6.10","v1.6.11","v1.6.12","v1.6.13","v1.6.14","v1.6.15","v1.6.17","v1.6.18","v1.6.19","v1.6.2","v1.6.20","v1.6.21","v1.6.22","v1.6.3","v1.6.4","v1.6.5","v1.6.6","v1.6.7","v1.6.9","v1.7.2","v1.7.3","v1.7.4","v1.8.0","v1.8.1","v1.8.2","v1.8.3","v1.8.3-canary.1","v1.8.3-canary.2","v1.8.4","v1.8.4-canary.0","v1.8.4-canary.1","v1.8.4-canary.2","v1.8.4-canary.3","v1.8.4-canary.4","v1.9.1","v2.0.0","v2.0.10","v2.0.11","v2.0.12","v2.0.13","v2.0.14","v2.0.2","v2.0.3","v2.0.4","v2.0.6","v2.0.7","v2.0.8","v2.0.9","v3.0.0","v3.0.0-alpha.12","v3.0.0-alpha.14","v3.0.0-alpha.15","v3.0.0-alpha.16","v3.0.0-alpha.18","v3.0.0-alpha.19","v3.0.0-alpha.22","v3.0.0-alpha.23","v3.0.0-alpha.25","v3.0.0-alpha.29","v3.0.0-alpha.30","v3.0.0-alpha.35","v3.0.0-alpha.37","v3.0.0-alpha.39","v3.0.0-alpha.40","v3.0.0-alpha.41","v3.0.0-alpha.45","v3.0.0-alpha.46","v3.0.0-alpha.49","v3.0.0-alpha.50","v3.0.0-alpha.52","v3.0.0-alpha.53","v3.0.0-alpha.54","v3.0.0-alpha.55","v3.0.0-alpha.57","v3.0.0-alpha.58","v3.0.0-alpha.59","v3.0.0-beta.0","v3.0.0-beta.1","v3.0.0-beta.10","v3.0.0-beta.100","v3.0.0-beta.101","v3.0.0-beta.102","v3.0.0-beta.103","v3.0.0-beta.104","v3.0.0-beta.105","v3.0.0-beta.106","v3.0.0-beta.107","v3.0.0-beta.108","v3.0.0-beta.109","v3.0.0-beta.110","v3.0.0-beta.111","v3.0.0-beta.112","v3.0.0-beta.113","v3.0.0-beta.114","v3.0.0-beta.116","v3.0.0-beta.117","v3.0.0-beta.118","v3.0.0-beta.119","v3.0.0-beta.120","v3.0.0-beta.121","v3.0.0-beta.122","v3.0.0-beta.123","v3.0.0-beta.124","v3.0.0-beta.125","v3.0.0-beta.126","v3.0.0-beta.127","v3.0.0-beta.128","v3.0.0-beta.129","v3.0.0-beta.13","v3.0.0-beta.130","v3.0.0-beta.131","v3.0.0-beta.132","v3.0.0-beta.133","v3.0.0-beta.134","v3.0.0-beta.135","v3.0.0-beta.14","v3.0.0-beta.15","v3.0.0-beta.18","v3.0.0-beta.19","v3.0.0-beta.2","v3.0.0-beta.20","v3.0.0-beta.21","v3.0.0-beta.22","v3.0.0-beta.23","v3.0.0-beta.24","v3.0.0-beta.25","v3.0.0-beta.26","v3.0.0-beta.27","v3.0.0-beta.28","v3.0.0-beta.29","v3.0.0-beta.3","v3.0.0-beta.30","v3.0.0-beta.31","v3.0.0-beta.32","v3.0.0-beta.33","v3.0.0-beta.35","v3.0.0-beta.37","v3.0.0-beta.39","v3.0.0-beta.4","v3.0.0-beta.42","v3.0.0-beta.43","v3.0.0-beta.44","v3.0.0-beta.45","v3.0.0-beta.47","v3.0.0-beta.48","v3.0.0-beta.49","v3.0.0-beta.5","v3.0.0-beta.50","v3.0.0-beta.51","v3.0.0-beta.52","v3.0.0-beta.53","v3.0.0-beta.54","v3.0.0-beta.55","v3.0.0-beta.56","v3.0.0-beta.57","v3.0.0-beta.58","v3.0.0-beta.59","v3.0.0-beta.6","v3.0.0-beta.60","v3.0.0-beta.61","v3.0.0-beta.62","v3.0.0-beta.63","v3.0.0-beta.64","v3.0.0-beta.65","v3.0.0-beta.66","v3.0.0-beta.67","v3.0.0-beta.68","v3.0.0-beta.69","v3.0.0-beta.70","v3.0.0-beta.71","v3.0.0-beta.72","v3.0.0-beta.73","v3.0.0-beta.74","v3.0.0-beta.75","v3.0.0-beta.76","v3.0.0-beta.77","v3.0.0-beta.78","v3.0.0-beta.79","v3.0.0-beta.80","v3.0.0-beta.81","v3.0.0-beta.82","v3.0.0-beta.83","v3.0.0-beta.84","v3.0.0-beta.85","v3.0.0-beta.86","v3.0.0-beta.87","v3.0.0-beta.88","v3.0.0-beta.89","v3.0.0-beta.9","v3.0.0-beta.90","v3.0.0-beta.91","v3.0.0-beta.92","v3.0.0-beta.93","v3.0.0-beta.94","v3.0.0-beta.95","v3.0.0-beta.96","v3.0.0-beta.97","v3.0.0-beta.98","v3.0.0-beta.99","v3.0.1","v3.0.2","v3.1.0","v3.1.1","v3.10.0","v3.11.0","v3.12.0","v3.13.0","v3.14.0","v3.15.0","v3.15.1","v3.16.0","v3.17.0","v3.17.1","v3.18.0","v3.19.0","v3.2.0","v3.2.1","v3.2.2","v3.20.0","v3.21.0","v3.22.0","v3.23.0","v3.24.0","v3.25.0","v3.26.0","v3.27.0","v3.28.0","v3.28.1","v3.29.0","v3.3.0","v3.30.0","v3.31.0","v3.32.0","v3.33.0","v3.34.0","v3.35.0","v3.35.1","v3.36.0","v3.36.1","v3.37.0","v3.38.0","v3.39.0","v3.39.1","v3.4.0","v3.40.0","v3.41.0","v3.42.0","v3.43.0","v3.44.0","v3.45.0","v3.46.0","v3.47.0","v3.48.0","v3.49.0","v3.49.1","v3.5.0","v3.50.0","v3.51.0","v3.52.0","v3.53.0","v3.54.0","v3.55.0","v3.55.1","v3.56.0","v3.57.0","v3.58.0","v3.59.0","v3.59.1","v3.6.0","v3.60.0","v3.61.0","v3.61.1","v3.62.0","v3.63.0","v3.64.0","v3.65.0","v3.66.0","v3.67.0","v3.68.0","v3.68.1","v3.68.2","v3.68.3","v3.68.4","v3.68.5","v3.69.0","v3.7.0","v3.70.0","v3.71.0","v3.71.1","v3.72.0","v3.8.0","v3.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25544.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}