https://aretiq.ai/tags/dotcms/Recent content in Dotcms on Aretiq AIHugoen-usWed, 27 May 2026 00:00:00 +0000https://aretiq.ai/research/vul260527-cve-2026-8054-dotcms-core-publish-audit-api-sql-injection/Wed, 27 May 2026 00:00:00 +0000https://aretiq.ai/research/vul260527-cve-2026-8054-dotcms-core-publish-audit-api-sql-injection/<h2 id="1-overview">1. Overview</h2> <p>A critical SQL injection vulnerability exists in the dotCMS Core content management system&rsquo;s Publish Audit API. The <code>/api/auditPublishing/getAll</code> REST endpoint accepts a JSON array of bundle identifiers and passes them unsanitized into a SQL query via string concatenation, allowing an attacker to inject arbitrary SQL statements. The endpoint requires no authentication, enabling an unauthenticated remote attacker to read, modify, or destroy the entire dotCMS PostgreSQL database with a single HTTP request. dotCMS addressed this vulnerability in version 26.04.28-03 by parameterizing the SQL query and adding Push Publish JWT token authentication to the affected endpoints.</p>