{"url":"http://public2.vulnerablecode.io/api/packages/924327?format=json","purl":"pkg:npm/%40payloadcms/drizzle@3.50.0-canary.9","type":"npm","namespace":"@payloadcms","name":"drizzle","version":"3.50.0-canary.9","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.73.0","latest_non_vulnerable_version":"3.73.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19526?format=json","vulnerability_id":"VCID-tpna-93gh-zydd","summary":"@payloadcms/drizzle has SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters\n### Impact\n\nWhen querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL Injection attacks. An unauthenticated attacker could extract sensitive data (emails, password reset tokens) and achieve full account takeover without password cracking.\n\n**Users are affected if ALL of these are true:**\n\n1. Payload version < v3.73.0\n2. Using a Drizzle-based database adapter (`@payloadcms/drizzle` as dependency):\n   - `@payloadcms/db-postgres`\n   - `@payloadcms/db-vercel-postgres`\n   - `@payloadcms/db-sqlite`\n   - `@payloadcms/db-d1-sqlite`\n3. At least one accessible collection that has a `type: 'json'` or `type: 'richText'` field where `access.read` returns anything other than `false` (`true` or `Where` constraint)\n\n**Users are NOT affected if:**\n\n- Using `@payloadcms/db-mongodb`\n- No JSON or richText fields exist in any collection\n- All JSON/richText fields have `access: { read: () => false }`\n\n### Patches\n\nUpgrade to Payload **v3.73.0** or later.\n\n### Workarounds\n\nIf a project cannot upgrade immediately, add `access: { read: () => false }` to all JSON and richText fields as a temporary mitigation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25544","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12053","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25544"},{"reference_url":"https://github.com/payloadcms/payload","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/payloadcms/payload"},{"reference_url":"https://github.com/payloadcms/payload/security/advisories/GHSA-xx6w-jxg9-2wh8","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-09T15:22:49Z/"}],"url":"https://github.com/payloadcms/payload/security/advisories/GHSA-xx6w-jxg9-2wh8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25544","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25544"},{"reference_url":"https://github.com/advisories/GHSA-xx6w-jxg9-2wh8","reference_id":"GHSA-xx6w-jxg9-2wh8","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xx6w-jxg9-2wh8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55142?format=json","purl":"pkg:npm/%40payloadcms/drizzle@3.73.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540payloadcms/drizzle@3.73.0"}],"aliases":["CVE-2026-25544","GHSA-xx6w-jxg9-2wh8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tpna-93gh-zydd"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540payloadcms/drizzle@3.50.0-canary.9"}