CVE-2026-21892
Publication date 8 January 2026
Last updated 6 July 2026
Ubuntu priority
Cvss 3 Severity Score
Description
Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting (Python % operator) with user-supplied input (workflow_id) directly from URL routes. This allows an unauthenticated attacker with access to the visualization dashboard to inject arbitrary SQL commands, potentially leading to data exfiltration or denial of service against the monitoring database. Version 2026.01.05 fixes the issue.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| python-parsl | 26.04 LTS resolute |
Not affected
|
| 25.10 questing |
Vulnerable
|
|
| 24.04 LTS noble |
Fixed 2024.02.26+ds-1ubuntu0.1~esm1
|
|
| 22.04 LTS jammy | Not in release |
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu Pro 30-day free trialSeverity score breakdown
CVSS version: CVSS v3.0
Base score
5.3 · Medium
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References
Related Ubuntu Security Notices (USN)
- USN-8505-1
- Parsl vulnerability
- 6 July 2026