Open XDMoD SQL Injection Vulnerability Allows Database Compromise.

CVE advisory

Severity: CRITICAL (CVSS 9.3)

CVE-2026-45779

A critical SQL injection vulnerability in Open XDMoD, used for analyzing HPC metrics, allows unauthenticated attackers to execute arbitrary SQL commands remotely. This could lead to a complete compromise of the underlying database. All Open XDMoD deployments before version 10.0.3 are affected.

3 Halo Surface Signal

SQL Injection

Buffalo Open Xdmod

before 10.0.3

External exposure likelihood

Open XDMoD is a framework for analyzing HPC metrics. While it is a web-based application, it is typically deployed within research or institutional HPC environments to analyze internal cluster data, rather than being exposed as a public-facing web service. Therefore, while it is network-reachable, public internet exposure is not its standard or primary deployment pattern.

PCI scan relevance

CVE-2026-45779 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This SQL injection vulnerability in Open XDMoD allows unauthenticated remote attackers to execute arbitrary SQL statements, potentially compromising the database.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability in Open XDMoD, a framework for analyzing HPC metrics, could allow attackers to execute malicious database commands without authentication. This impacts all deployments prior to version 10.0.3, potentially leading to complete compromise of the underlying database. While the issue was patched quickly, it's important to confirm if your environment uses this technology and verify its version.

  • Unauthenticated database access risk exists.
  • Critical security flaw impacts data integrity.
  • Confirm relevance and ensure systems are updated.

Attack Path

How an attacker could exploit the issue

An attacker can target Open XDMoD installations lacking the latest security updates. By sending specially crafted SQL queries over the network to the application, an unauthenticated attacker can manipulate the database. Successful exploitation could grant the attacker full control over the underlying database, potentially compromising sensitive data.

  • No authentication needed.
  • SQL injection via network requests.
  • Full database compromise risk.

Live Threat

Current exploitation, exposure, and threat context

An SQL injection vulnerability in Open XDMoD could allow an unauthenticated remote attacker to execute arbitrary SQL statements, potentially leading to a complete compromise of the underlying database. This affects all deployments of Open XDMoD prior to version 10.0.3 when deployed with an exploitable configuration.

  • Sensitive database information at risk.
  • Unauthenticated remote SQL statement execution.
  • Complete database compromise possible.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Application owners and infrastructure teams are likely responsible for Open XDMoD deployments. The first step is to identify all instances, confirm their reachability and criticality, and then assign ownership for a risk-based remediation plan.

  • Identify affected systems and owners.
  • Verify exposure and business criticality.
  • Plan remediation and vendor coordination.

Frequently asked questions

What is Open XDMoD used for?

Open XDMoD is an open-source framework specifically designed for high-performance computing (HPC) environments. Researchers and system administrators use it to collect, aggregate, and visualize usage metrics from supercomputing clusters. By processing large datasets, it helps organizations understand how their computing resources are being utilized and by whom, providing transparency into complex technical infrastructure.

What kind of vulnerability is CVE-2026-45779?

This CVE represents an SQL injection weakness, classified as CWE-89. In simple terms, this means the software does not properly filter information sent to it, allowing a remote user to trick the database into running unauthorized commands. Because the application processes these malicious inputs as if they were legitimate, an attacker can bypass normal controls to read, modify, or delete information stored in the system's database.

How can an attacker trigger this SQL injection?

An attacker triggers this vulnerability by sending specially crafted SQL requests over the network directly to the Open XDMoD application. Crucially, the system does not require any prior authentication or user interaction to process these requests. If the application is reachable, the malicious command is executed automatically. The bug exists regardless of user credentials, meaning no login is needed to initiate the attack.

Is my Open XDMoD deployment at risk?

According to Halo Surface Signal, Open XDMoD is typically used within institutional or research networks to analyze private cluster data rather than as a public-facing website. While it is technically reachable over a network, its risk profile depends on your specific infrastructure. Systems exposed to the open internet face a higher risk, but internal instances remain potentially vulnerable to anyone who has access to your private network.

How do I secure my environment against this flaw?

The primary response is to upgrade your installation to version 10.0.3 or later, as this release includes the necessary security patch. First, audit your infrastructure to locate all active instances of the software and confirm their current version numbers. If an immediate upgrade is not feasible, consult the vendor's documentation to apply the manual security patch provided for earlier versions to mitigate the risk of unauthorized database access.
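
An added example, not from the advisory or the Open XDMoD project: a triage pass for the inventory step above that compares versions numerically against 10.0.3 and orders the remaining hosts by exposure. The hostnames, version strings and exposure labels are constructed sample values, and how versions are collected from each host is left to your own tooling.

```python
import re

FIXED = (10, 0, 3)  # first patched release, per the advisory

# Constructed inventory: hosts, versions and exposure labels are sample values.
INVENTORY = [
    {"host": "xdmod-a.example.org", "version": "10.0.2", "exposure": "internet"},
    {"host": "xdmod-b.example.org", "version": "9.5.0", "exposure": "internal"},
    {"host": "xdmod-c.example.org", "version": "10.0.3", "exposure": "internet"},
    {"host": "xdmod-d.example.org", "version": "10.0.10-1.el8", "exposure": "internal"},
    {"host": "xdmod-e.example.org", "version": "10.5.0", "exposure": "internal"},
    {"host": "xdmod-f.example.org", "version": "unknown", "exposure": "internet"},
]

def parse_version(text):
    """Return (major, minor, patch), or None when there is no x.y.z prefix."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text):
    """'affected' if older than FIXED, 'patched' if not, 'unverified' if unparseable."""
    v = parse_version(version_text)
    if v is None:
        return "unverified"
    # Tuple comparison is numeric, so 9.5.0 < 10.0.3 and 10.0.10 > 10.0.3,
    # both of which a plain string comparison gets wrong.
    return "affected" if v < FIXED else "patched"

def triage(inventory):
    """Hosts still needing action: internet-reachable first, affected before unverified."""
    rank_status = {"affected": 0, "unverified": 1}
    rank_exposure = {"internet": 0, "internal": 1}
    todo = []
    for item in inventory:
        status = classify(item["version"])
        if status != "patched":
            todo.append((item["host"], status, item["exposure"]))
    # An unrecognised exposure label sorts with 'internet' (worst case).
    return sorted(todo, key=lambda t: (rank_exposure.get(t[2], 0), rank_status[t[1]], t[0]))

if __name__ == "__main__":
    for host, status, exposure in triage(INVENTORY):
        print(f"{host:24} {status:11} {exposure}")
```

A host running an earlier version with the manual security patch applied still shows as affected here, because the check looks only at the version string; confirm those hosts separately.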
