Dagster Orchestration Platform Vulnerable to SQL Injection via Dynamic Partitions
The National Vulnerability Database has published CVE-2026-41490, a SQL injection vulnerability in Dagster, an open-source data orchestration platform. The flaw lies in how Dagster's I/O managers build SQL queries: dynamic partition key values are interpolated into the WHERE clause of a query without escaping, so an attacker who holds the 'Add Dynamic Partitions' permission can register a partition key containing SQL that is later executed against the target database with the privileges of the I/O manager's database connection.
Only deployments that use dynamic partitions are affected; pipelines that rely on static or time-window partitions are not. The severity is rated HIGH (CVSS 8.3), reflecting the potential for significant data compromise. NVD notes that the issue is fixed in Dagster Core 1.13.1 and Dagster libraries 0.29.1.
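To make the bug class concrete, here is an added example that is not Dagster's I/O manager code and not part of the advisory: a partition lookup that formats the key into the WHERE clause, beside the parameterised form that closes the hole. sqlite3 stands in for the DuckDB, Snowflake, BigQuery and Delta Lake backends named later on this page; the table, the attacker-registered keys and the `validate_partition_key` allowlist pattern are all constructed for the illustration.

```python
"""Vulnerable versus parameterised partition lookup.

Constructed example for the bug class behind CVE-2026-41490; it is not
Dagster's I/O manager code. sqlite3 stands in for the DuckDB, Snowflake,
BigQuery and Delta Lake backends named in the advisory.
"""
import re
import sqlite3

# Constructed rows: one per partition key.
SAMPLE_ROWS = [("tenant_a", 10), ("tenant_b", 20), ("tenant_c", 30)]

# Hypothetical allowlist for partition keys; an assumption for this example,
# not a Dagster default.
PARTITION_KEY_RE = re.compile(r"[A-Za-z0-9_.:-]{1,128}")


def make_db() -> sqlite3.Connection:
    """In-memory table shaped like a partitioned asset table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (partition_key TEXT, value INTEGER)")
    conn.executemany("INSERT INTO events VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def load_partition_vulnerable(conn, key):
    """Vulnerable pattern: the key is formatted into the SQL text, so a quote
    in the key ends the literal and the remainder is parsed as SQL.
    Deliberately unsafe, to show the effect."""
    sql = f"SELECT partition_key, value FROM events WHERE partition_key = '{key}'"
    return conn.execute(sql).fetchall()


def load_partition_safe(conn, key):
    """Hardened pattern: the key is bound as a parameter and never parsed as
    SQL. All of the backends above support parameter binding in some form."""
    sql = "SELECT partition_key, value FROM events WHERE partition_key = ?"
    return conn.execute(sql, (key,)).fetchall()


def validate_partition_key(key):
    """Defence in depth on the 'Add Dynamic Partitions' path: refuse keys with
    SQL metacharacters before they are stored. Parameter binding is the fix;
    this only narrows what a holder of that permission can register."""
    return PARTITION_KEY_RE.fullmatch(key) is not None


def demo():
    """Run both lookups against a benign key and two attacker-registered keys
    and return what each produced."""
    conn = make_db()
    benign = "tenant_a"
    # Closes the literal and appends an always-true predicate: every row.
    tautology = "tenant_a' OR '1'='1"
    # Closes the literal and reads another table; in a real backend this is
    # where schema or credential tables get pulled out through the pipeline.
    exfil = "x' UNION SELECT name, 0 FROM sqlite_master -- "
    return {
        "benign_vuln": load_partition_vulnerable(conn, benign),
        "benign_safe": load_partition_safe(conn, benign),
        "tautology_vuln": load_partition_vulnerable(conn, tautology),
        "tautology_safe": load_partition_safe(conn, tautology),
        "exfil_vuln": load_partition_vulnerable(conn, exfil),
        "exfil_safe": load_partition_safe(conn, exfil),
        "benign_valid": validate_partition_key(benign),
        "tautology_valid": validate_partition_key(tautology),
        "exfil_valid": validate_partition_key(exfil),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The tautology key returns every row from the vulnerable lookup and nothing from the parameterised one, and the UNION key reads `sqlite_master` through the vulnerable path. The allowlist check is a second layer for deployments that cannot patch immediately; it does not replace binding the key as a parameter.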
What This Means For You
- If your organization uses Dagster with dynamic partitions, verify that Dagster Core is at 1.13.1 or later and the Dagster libraries at 0.29.1 or later. If patching is not immediately feasible, restrict the 'Add Dynamic Partitions' permission to the smallest set of principals that need it, since the injection requires that permission, and keep the I/O manager's database credentials scoped to the tables it actually reads and writes, because injected SQL runs with those privileges. Review database logs for unusual queries from the I/O manager's service account, particularly WHERE clauses with unexpected quoting, comment markers (`--`, `/*`) or appended OR/UNION predicates.
🛡️ Detection Rules
The rule below was auto-generated for this advisory and mapped to MITRE ATT&CK.
CVE-2026-41490: Dagster Dynamic Partition SQL Injection Attempt
```yaml
title: 'CVE-2026-41490: Dagster Dynamic Partition SQL Injection Attempt'
id: scw-2026-05-07-ai-1
status: experimental
level: high
description: |
  Detects requests to the Dagster GraphQL endpoint that carry the
  'addDynamicPartitions' mutation, the entry point through which partition
  keys containing SQL reach the vulnerable I/O managers (CVE-2026-41490).
author: SCW Feed Engine (AI-generated)
date: 2026-05-07
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-41490/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/graphql'
    # GraphQL mutations are normally sent in the POST body, which a plain
    # access log does not record; this query-string match only fires when the
    # mutation is passed in the URL, so pair it with request-body logging.
    cs-uri-query|contains:
      - 'mutation { addDynamicPartitions'
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
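Two lightweight checks, added here as example code that is neither part of the advisory nor of Dagster: the first applies the Sigma rule's selection to webserver access-log lines; the second applies the advice above about reviewing the I/O manager's database query log for suspicious WHERE clauses. Both log samples are constructed (W3C-style access-log fields and a generic `key=value` database audit format), the service-account name `dagster_io_manager` is an assumption, and the suspicious-syntax patterns are a starting set rather than a complete grammar of SQL injection.

```python
"""Detection checks for CVE-2026-41490 over constructed log samples.

Added example, not part of the advisory or of Dagster. Log formats,
account name and sample lines are all constructed for this illustration.
"""
import re
from urllib.parse import unquote

# --- 1. The Sigma rule's selection, applied to webserver access logs ------
# Field order of the constructed lines (W3C-style, space separated):
#   date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
# GraphQL clients normally send mutations in a POST body, which a plain
# access log does not record (first sample line), so this only catches the
# GET-with-query form unless request bodies are logged.
MUTATION_MARKER = "mutation { addDynamicPartitions"

WEB_LOG_SAMPLE = """\
2026-05-07 17:20:01 10.0.0.5 POST /graphql - 200
2026-05-07 17:20:07 10.0.0.9 GET /graphql query=mutation%20%7B%20addDynamicPartitions(partitionsDefName%3A%22t%22)%20%7B%20__typename%20%7D%20%7D 200
2026-05-07 17:21:13 10.0.0.5 GET /assets - 200
"""


def matches_sigma_selection(line: str) -> bool:
    """cs-uri contains '/graphql' AND cs-uri-query contains the marker."""
    fields = line.split(" ", 6)
    if len(fields) < 7:
        return False
    uri, query = fields[4], fields[5]
    # URL-decode and collapse whitespace so the rule's literal marker matches
    # percent-encoded spaces and braces.
    decoded = re.sub(r"\s+", " ", unquote(query))
    return "/graphql" in uri and MUTATION_MARKER in decoded


def flag_web_lines(log: str) -> list:
    """1-based numbers of access-log lines that satisfy the rule."""
    return [i for i, line in enumerate(log.splitlines(), 1)
            if matches_sigma_selection(line)]


# --- 2. Database query-log review for the I/O manager's account ----------
SERVICE_ACCOUNT = "dagster_io_manager"  # assumption for the example

DB_LOG_SAMPLE = """\
2026-05-07 17:20:08 user=dagster_io_manager sql="SELECT * FROM events WHERE partition_key = 'tenant_a'"
2026-05-07 17:20:09 user=dagster_io_manager sql="SELECT * FROM events WHERE partition_key = 'tenant_a' OR '1'='1'"
2026-05-07 17:20:10 user=analyst sql="SELECT * FROM events WHERE partition_key = 'x' UNION SELECT * FROM users -- '"
2026-05-07 17:20:11 user=dagster_io_manager sql="SELECT * FROM events WHERE partition_key = 'x' UNION SELECT name, sql FROM sqlite_master -- '"
"""

DB_LINE_RE = re.compile(r'user=(\S+) sql="(.*)"$')

# Syntax a partition key should never legitimately introduce into a predicate.
SUSPICIOUS_WHERE = re.compile(
    r"'\s*(?:or|and)\s+'"          # literal closed early, then OR/AND 'x'
    r"|union\s+(?:all\s+)?select"  # appended UNION to read other tables
    r"|--|/\*"                     # comment markers that swallow the rest
    r"|;\s*\w",                    # stacked statement
    re.IGNORECASE,
)


def where_clause(sql: str) -> str:
    """Text after the first WHERE; the injected key lands in the predicate."""
    m = re.search(r"\bwhere\b(.*)", sql, re.IGNORECASE | re.DOTALL)
    return m.group(1) if m else ""


def flag_db_lines(log: str, account: str = SERVICE_ACCOUNT) -> list:
    """(line number, account, matched fragment) for suspicious queries issued
    by the I/O manager's account. Other accounts are skipped because the
    advisory's concern is SQL executed with the I/O manager's privileges."""
    hits = []
    for i, line in enumerate(log.splitlines(), 1):
        m = DB_LINE_RE.search(line)
        if not m or m.group(1) != account:
            continue
        found = SUSPICIOUS_WHERE.search(where_clause(m.group(2)))
        if found:
            hits.append((i, account, found.group(0)))
    return hits


if __name__ == "__main__":
    print("access-log hits:", flag_web_lines(WEB_LOG_SAMPLE))
    for hit in flag_db_lines(DB_LOG_SAMPLE):
        print("db-log hit:", hit)
```

Expect the comment-marker pattern to fire on legitimately commented SQL if your pipelines emit any; tune the pattern set against a week of baseline queries from the service account before alerting on it.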
Affected Versions and Components
| Field | Value |
|---|---|
| CVE | CVE-2026-41490 (SQL injection) |
| Vulnerable Dagster Core | < 1.13.1 (fixed in 1.13.1) |
| Vulnerable Dagster libraries | < 0.29.1 (fixed in 0.29.1) |
| Affected I/O managers | DuckDB, Snowflake, BigQuery and DeltaLake |
| Attack vector | Unescaped dynamic partition key values interpolated into SQL WHERE clauses |
| Affected deployments | Those using dynamic partitions |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 07, 2026 at 17:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.