Publication date: May 20, 2026
Description
Two privilege escalation vulnerabilities were identified in CockroachDB that could allow authenticated users to gain elevated privileges beyond those assigned to their account.
SQL injection
A SQL injection vulnerability was identified in CockroachDB. An authenticated SQL user could exploit this flaw to execute certain SQL statements with elevated, root-level privileges, potentially gaining unauthorized read and write access to data in the cluster.
Severity: CVSS 3.1 Base Score: 7.6 (High) — AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
RESTORE SYSTEM USERS privilege escalation
A privilege escalation vulnerability was identified in CockroachDB's RESTORE SYSTEM USERS functionality, which restores user accounts and role information from a backup into a live cluster. This could enable an authenticated user to introduce unauthorized administrative accounts into a cluster.
Severity: CVSS 3.1 Base Score: 7.8 (High) — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Versions affected
All CockroachDB releases earlier than the following patch releases on their respective release branches are affected: v26.1.2, v25.4.7, v25.2.16, v24.3.30, v24.1.27 and v23.2.30.
Fixed in
Both vulnerabilities have been resolved. The fixes are included in CockroachDB v26.1.2, v25.4.7, v25.2.16, v24.3.30, v24.1.27 and v23.2.30, which were published on April 8, 2026.
Mitigation
Users of CockroachDB v21.2 and later should upgrade to the patched release for their release branch (v26.1.2, v25.4.7, v25.2.16, v24.3.30, v24.1.27 or v23.2.30) or a later version.
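The following SQL is an added example, not part of the advisory or of Cockroach Labs' own guidance. It is a post-upgrade check an operator can run from an admin session: it confirms the version of the node the session is connected to, then lists the members of the built-in admin role so that any account the RESTORE SYSTEM USERS issue above might have introduced can be compared against a known-good list and removed. The allowlist entries and the role name unexpected_user are placeholders to be replaced with the cluster's own expected accounts.

```sql
-- Added example (not from the advisory). Run as a user with the admin role.

-- 1. Confirm which binary this node is running; it should report one of the
--    patched releases listed in the advisory (or later). version() reports the
--    node the session is connected to, so repeat against each node if needed.
SELECT version();

-- 2. Direct members of the built-in admin role, as CockroachDB reports them.
SHOW GRANTS ON ROLE admin;

-- 3. The same membership from the system table, including whether the member
--    was granted WITH ADMIN OPTION ("isAdmin") and can therefore add others.
SELECT role, member, "isAdmin"
  FROM system.role_members
 WHERE role = 'admin'
 ORDER BY member;

-- 4. Compare admin membership against an allowlist of expected accounts.
--    The names in the VALUES list are placeholders for this example; root is
--    the built-in superuser and is normally a member of admin.
WITH expected(member) AS (VALUES ('root'), ('dba_alice'))
SELECT rm.member
  FROM system.role_members AS rm
 WHERE rm.role = 'admin'
   AND rm.member NOT IN (SELECT member FROM expected)
 ORDER BY rm.member;

-- 5. Full inventory of users and roles, to spot accounts that were not
--    provisioned through the normal process.
SHOW USERS;

-- 6. Remove an admin membership that should not exist (placeholder name).
--    Drop the account as well if it was never legitimately created.
REVOKE admin FROM unexpected_user;
```

Any row returned by step 4 is an admin member that is not on the allowlist and should be investigated before the cluster is considered clean; an empty result from step 4 does not by itself prove the cluster was not affected, since a restored account could also have been granted privileges on individual databases or tables rather than admin membership.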
Additional Assistance
If more information or assistance is needed, contact the Cockroach Labs support team.