GHSA-rh62-j648-g5qc: Recce server has unauthenticated SQL execution that allows local file read/write through DuckDB
Recce OSS server versions prior to 1.50.0 that are exposed to untrusted networks without authentication are vulnerable to unauthenticated SQL execution via the query run API. When the project is configured with a DuckDB backend, this allows attackers to read and write local files accessible to the Recce server process. The impact includes potential disclosure and tampering of local files, modification of static files served to the browser (leading to stored XSS), and alteration of application files if they are writable. If the server runs as root, these file operations occur with root privileges. The vulnerability has been patched in Recce version 1.50.0.
AI Analysis (machine-generated threat intelligence)
Technical Summary
Recce OSS server deployments exposing the query run API without authentication are vulnerable to unauthenticated SQL execution. Specifically, when using DuckDB as the backend, attackers can leverage DuckDB filesystem primitives to perform arbitrary local file read and write operations with the privileges of the Recce server process. This can lead to disclosure of sensitive files, tampering with Recce or dbt artifacts, modification of static files causing stored cross-site scripting, and modification of application files if writable. The severity is high due to the potential for privilege escalation and persistent compromise. The issue is fixed in Recce version 1.50.0 by restricting unsafe file operations and hardening the query execution path.
Potential Impact
The vulnerability allows unauthenticated attackers to execute arbitrary SQL queries on the Recce server's DuckDB backend, enabling local file read and write operations with the server process's privileges. This can result in disclosure of sensitive local files, tampering with internal artifacts, persistent cross-site scripting via modified static files, and potential modification of application files. If the server runs as root, the attacker gains root-level file access on the host or container, significantly increasing the risk and impact.
Mitigation Recommendations
A patch is available in Recce version 1.50.0 that restricts unsafe file read/write behavior and hardens the query execution path. Users should upgrade to version 1.50.0 or later. Until they can upgrade, users should avoid exposing the Recce server to untrusted networks or the public internet without authentication. Recommended mitigations include enabling authentication, placing Recce behind an authenticated reverse proxy or VPN, running the server as a non-root user, using a read-only filesystem for the application where possible, and ensuring that sensitive files or credentials are not accessible to the Recce process.
Technical Details
- GCVE source: db.gcve.eu
- OSV ID: GHSA-rh62-j648-g5qc
- OSV schema version: 1.4.0
- Aliases: CVE-2026-49360
- Ecosystems: PyPI
- Database-specific severity: HIGH
- CVSS version: 4.0
Threat ID: 6a46ecad27e9c7971943b87d
Added to database: 07/02/2026, 22:56:45 UTC
Last enriched: 07/02/2026, 23:04:15 UTC
Last updated: 07/02/2026, 23:04:15 UTC