Severity: HIGH | CVE-2026-44635 | CNA: GitHub_M

CVE-2026-44635: Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()`

Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters (., [, ], *, **, ?). When attacker-controlled input flows into eb.ref(col, '->$').key(input) or .at(input) — including type-safe code where the JSON column is shaped like Record<string, T> so K extends string is the inferred type — every dot becomes a path-leg separator, letting an attacker traverse from the intended key into sibling and child fields the developer never meant to expose. The result is read access (and, in update statements, write access) to JSON sub-fields outside the intended scope across MySQL, PostgreSQL ->$/->>$, and SQLite. This vulnerability is fixed in 0.28.17.

HarborGuard Analysis

Synopsis

This is a JSON-path traversal injection in Kysely, the type-safe TypeScript SQL query builder, affecting versions 0.26.0 through 0.28.16 and fixed in 0.28.17. `DefaultQueryCompiler.visitJSONPathLeg` renders each path leg verbatim, so a string passed to `JSONPathBuilder.key()` or `.at()` that contains JSON-path metacharacters (`.`, `[`, `]`, `*`, `**`, `?`) reaches the database as path syntax: a dot inside a `.key()` argument becomes a leg separator, a `*` inside an `.at()` argument becomes a wildcard. The precondition is application-side. The flaw is reachable by an unauthenticated remote attacker only where the application passes request-controlled strings into `.key()` or `.at()`, and TypeScript does not prevent that when the JSON column is typed as `Record<string, T>`, because a request parameter then type-checks exactly like a literal key. Successful exploitation reads JSON sub-fields outside the intended scope in SELECT statements and, where the same path expression feeds an UPDATE, writes to them, across MySQL, PostgreSQL (`->$`/`->>$`) and SQLite. The upstream fix is Kysely 0.28.17; applications should upgrade and, independently of the library version, allowlist or validate any key or index that originates from a request.

HarborGuard Coverage

Detection (Available)

Detection for CVE-2026-44635 is available across every HarborGuard environment: the CVE is ingested from upstream feeds (GitHub Advisory Database, NVD and CNA sources) within minutes of publication and matched against all customer images, including custom-built images that bundle Kysely as a dependency. Any image whose manifest or lockfile resolves a `kysely` version in the affected range (`>= 0.26.0, < 0.28.17`) is flagged automatically.
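An added example (not HarborGuard's scanner) of the lockfile match described above: a stand-alone TypeScript check that reports every resolved `kysely` entry in a `package-lock.json` (lockfileVersion 2 or 3 `packages` layout) whose version falls inside the advisory's affected range. The sample lockfile and the project name `orders-api` are constructed for this example.

```typescript
// Added example, not HarborGuard code. Checks a package-lock.json for kysely
// versions inside the advisory's affected range: >= 0.26.0, < 0.28.17.

interface Version { major: number; minor: number; patch: number; prerelease: boolean }

// Parses "MAJOR.MINOR.PATCH" with an optional "-prerelease" and/or "+build" suffix.
function parseVersion(raw: string): Version {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(raw.trim());
  if (m === null) throw new Error(`unparseable version: ${JSON.stringify(raw)}`);
  return { major: Number(m[1]), minor: Number(m[2]), patch: Number(m[3]), prerelease: m[4] !== undefined };
}

// Semver ordering: a pre-release sorts below its release (0.28.17-rc.1 < 0.28.17),
// so a pre-release of the fix version is still inside the affected range.
function compareVersions(a: Version, b: Version): number {
  if (a.major !== b.major) return a.major < b.major ? -1 : 1;
  if (a.minor !== b.minor) return a.minor < b.minor ? -1 : 1;
  if (a.patch !== b.patch) return a.patch < b.patch ? -1 : 1;
  if (a.prerelease === b.prerelease) return 0;
  return a.prerelease ? -1 : 1;
}

const AFFECTED_MIN = parseVersion("0.26.0"); // first affected version per the advisory
const FIXED = parseVersion("0.28.17");       // first fixed version per the advisory

function isAffectedKysely(version: string): boolean {
  const v = parseVersion(version);
  return compareVersions(v, AFFECTED_MIN) >= 0 && compareVersions(v, FIXED) < 0;
}

interface Finding { path: string; version: string }

// Walks every resolved package entry. Nested copies ("<pkg>/node_modules/kysely")
// count too: each is a separately resolved install and can differ in version.
function findAffectedKysely(lockfileJson: string): Finding[] {
  const lock = JSON.parse(lockfileJson) as { packages?: Record<string, { version?: string }> };
  const packages = lock.packages ?? {};
  const findings: Finding[] = [];
  for (const path of Object.keys(packages)) {
    const meta = packages[path];
    if (!meta || meta.version === undefined) continue;
    if (!/(^|\/)node_modules\/kysely$/.test(path)) continue;
    if (isAffectedKysely(meta.version)) findings.push({ path, version: meta.version });
  }
  return findings;
}

// Constructed sample lockfile for this example, not taken from a real project.
const SAMPLE_LOCK = JSON.stringify({
  name: "orders-api",
  lockfileVersion: 3,
  packages: {
    "": { name: "orders-api", dependencies: { kysely: "^0.28.0" } },
    "node_modules/kysely": { version: "0.28.16" },
    "node_modules/pg": { version: "8.11.3" },
    "packages/legacy/node_modules/kysely": { version: "0.28.17" },
  },
});

// findAffectedKysely(SAMPLE_LOCK) -> [{ path: "node_modules/kysely", version: "0.28.16" }]
```

The range check deliberately treats a pre-release of 0.28.17 as still affected; a scanner that compares only the numeric triple would clear `0.28.17-rc.1` incorrectly. Run it against the real lockfile with `findAffectedKysely(fs.readFileSync("package-lock.json", "utf8"))`.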
Triage (Available)

Triage uses the CVSS v3.1 base score of 7.5 (HIGH), weighted further by each customer environment's compliance policy, such as stricter thresholds for internet-facing or data-tier workloads. Because exploitability depends on whether request-controlled input actually reaches `.key()` or `.at()` in the application, findings are routed to the team or inbox configured in each customer org for Node.js or database-layer alerts, where that reachability can be confirmed.
Patch (Pending upstream)

The upstream advisory names Kysely 0.28.17 as the fixed version, and the affected range on this page is `< 0.28.17`, so the remediation is a dependency bump to 0.28.17 or later. HarborGuard re-evaluates the advisory on every ingest cycle; once the 0.28.17 release is confirmed in its feeds, a patched-image rebuild becomes available automatically, and customers with auto-remediation enabled receive a rebuild, a regression-test run and a PR opened against affected workloads.

Exploit Conditions

  • Network reachability: Required

    The attack is delivered over the network (AV:N): any HTTP request or API call whose parameters the application passes into a Kysely `.key()` or `.at()` call reaches the vulnerable code path without local access. Applications that only ever pass string literals into these builders are not exposed.

  • Authentication: Not required

    No credentials are needed (PR:N): an unauthenticated attacker can supply the malicious path string through any public-facing endpoint that builds a JSON-path expression from request input. Endpoints behind authentication remain exploitable by any authenticated user of that endpoint.

  • Victim interaction: Not required

    No user interaction is required (UI:N); the attacker triggers the injection directly with a crafted request, with no social-engineering step.

  • Attack complexity: Low

    Attack complexity is low (AC:L): the injection is deterministic and needs no race or environment-specific setup. What the attacker does need is a sink (request-controlled input reaching `.key()` or `.at()`) and knowledge or guesswork of the sibling or child key names to target; the wildcard metacharacters (`*`, `**`) reduce the guessing where the engine's path syntax accepts them.

Blast Radius

  • Reads JSON sub-fields in the targeted database column that the application developer never intended to expose, including sibling keys and nested child objects within the same JSON document.
  • Where the same path expression feeds an UPDATE (a `set` on the JSON column built from the same `.key()`/`.at()` chain), writes to those same out-of-scope sub-fields, corrupting application state or overwriting access-control or configuration data stored as JSON. Note that the CVSS vector on this page rates integrity as none (I:N); the write case comes from the upstream description and should be assessed per application.
  • Affects all three database dialects named in the advisory (MySQL, PostgreSQL via `->$`/`->>$`, SQLite), so any Kysely-backed service querying JSON columns is in scope regardless of the underlying engine.
  • TypeScript's types do not help: when the JSON column is typed as `Record<string, T>`, `.key()` accepts any `string`, so a request parameter type-checks exactly like a literal key. A compiling, fully typed query is no evidence of safety.

How HarborGuard Handles This

Available on HarborGuard: scanning for CVE-2026-44635 is active and flags any image resolving `kysely` in the affected range (`>= 0.26.0, < 0.28.17`). The upstream advisory names 0.28.17 as the fixed version; HarborGuard's patched-image rebuild is gated on that release being confirmed in its feeds, which it re-checks every ingest cycle, after which the rebuild becomes available and customers with auto-remediation enabled get a rebuild, a regression-test run and a PR against affected workloads without manual intervention.

Until an image is rebuilt, HarborGuard policy controls can enforce compensating controls: network-policy isolation for services that expose JSON-path query functionality, input-validation rules at the API gateway that reject strings containing JSON-path metacharacters (`.`, `[`, `]`, `*`, `**`, `?`) in parameters known to feed `.key()`/`.at()`, and feature-flag gating to disable dynamic JSON-path construction in high-risk endpoints. Two caveats apply to the gateway rule: it has to be scoped to the specific parameters that reach a JSON path, because a blanket ban on dots breaks legitimate values such as email addresses, and it only sees what the gateway decodes, so values nested in JSON bodies or encoded forms need the same check in the application. The durable control is in application code: bump Kysely to 0.28.17 and, independently of the library version, allowlist or validate any key or index that originates from a request before it reaches `.key()` or `.at()`.
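To make the mechanism in the advisory description and the input-validation control above concrete, here is an added example, not Kysely's source and not HarborGuard code. It models a query compiler rendering `.key()`/`.at()` legs verbatim, which is the behaviour the advisory attributes to `visitJSONPathLeg`, beside the application-side guard that validation or allowlisting amounts to. The `$.a.b[0]` path style, the `settings`/`items` column shapes, the key names and the attacker strings are all constructed for this example; the exact SQL Kysely emits per dialect differs.

```typescript
// Added example, not code from Kysely or HarborGuard. Models path legs rendered
// verbatim (the advisory's bug) beside an application-side guard. The "$.a.b[0]"
// path style is an illustrative assumption, not the exact SQL Kysely emits.

type JsonPathLeg =
  | { kind: "key"; key: string }             // what .key(input) contributes
  | { kind: "at"; index: string | number };  // what .at(input) contributes

// Vulnerable model: each leg is concatenated verbatim, so metacharacters in
// attacker-controlled input become path syntax instead of part of a key name.
function compileJsonPathUnsafe(legs: JsonPathLeg[]): string {
  let path = "$";
  for (const leg of legs) {
    path += leg.kind === "key" ? `.${leg.key}` : `[${leg.index}]`;
  }
  return path;
}

// Guard: a key leg may only contain identifier characters, which rejects the
// advisory's metacharacters (. [ ] * ** ?) and also quotes, spaces and
// backslashes; an index leg must be a plain non-negative integer, never "*".
const SAFE_KEY = /^[A-Za-z_][A-Za-z0-9_]*$/;
const SAFE_INDEX = /^(0|[1-9][0-9]*)$/;

// Hardened model: validate every request-derived leg before it is rendered.
// An optional allowlist pins keys to the fields the endpoint is meant to expose.
function compileJsonPathSafe(legs: JsonPathLeg[], allowedKeys?: readonly string[]): string {
  let path = "$";
  for (const leg of legs) {
    if (leg.kind === "key") {
      const listed = allowedKeys === undefined || allowedKeys.indexOf(leg.key) !== -1;
      if (!SAFE_KEY.test(leg.key) || !listed) {
        throw new Error(`JSON-path injection rejected: key leg ${JSON.stringify(leg.key)}`);
      }
      path += `.${leg.key}`;
    } else {
      const index = String(leg.index);
      if (!SAFE_INDEX.test(index)) {
        throw new Error(`JSON-path injection rejected: index leg ${JSON.stringify(index)}`);
      }
      path += `[${index}]`;
    }
  }
  return path;
}

// True when the hardened compiler refuses the legs.
function isRejected(legs: JsonPathLeg[], allowedKeys?: readonly string[]): boolean {
  try {
    compileJsonPathSafe(legs, allowedKeys);
    return false;
  } catch (e) {
    return true;
  }
}

// Constructed scenario: one endpoint reads a user-chosen top-level key from a
// settings column typed Record<string, unknown>; another reads a user-chosen
// index from an items array. The attacker strings are made up for this example.
function demo() {
  const benignKey: JsonPathLeg[] = [{ kind: "key", key: "theme" }];
  const traversalKey: JsonPathLeg[] = [{ kind: "key", key: "billing.card_token" }];
  const wildcardAt: JsonPathLeg[] = [{ kind: "key", key: "items" }, { kind: "at", index: "*" }];
  return {
    intended: compileJsonPathUnsafe(benignKey),       // "$.theme"
    traversal: compileJsonPathUnsafe(traversalKey),   // "$.billing.card_token": sibling key's child
    wildcard: compileJsonPathUnsafe(wildcardAt),      // "$.items[*]": every element, not one
    guarded: compileJsonPathSafe(benignKey, ["theme", "locale"]), // "$.theme"
    traversalRejected: isRejected(traversalKey),      // true
    wildcardRejected: isRejected(wildcardAt),         // true
  };
}
```

The guard is stricter than refusing only the listed metacharacters: anything outside identifier characters is rejected, so quotes and backslashes that could matter for a dialect's quoted-key syntax never reach the path either. An allowlist is the stronger option wherever the endpoint is meant to expose a fixed set of fields. This is defence in application code and does not replace upgrading to 0.28.17.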

Metrics

CVSS v3.1: 7.5
Severity: HIGH
Fixed in: 0.28.17
Affected Products: 1
Affected packages:
  • kysely-org / kysely: >= 0.26.0, < 0.28.17
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N