CVE-2026-33503 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-33503 PUBLISHED CVSS 7.199999809265137 HIGH

Ory Kratos has a SQL injection via forged pagination tokens

Risk Scores

CVSS v3.1

7.199999809265137

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
github.com	ory/kratos	0, 0, 0
ory	kratos	< 26.2.0, < 26.2.0, < 26.2.0

Timeline

Mar 20, 2026 CVE Published
Mar 24, 2026 Security Advisory
Mar 27, 2026 CVE Updated

References

Open in Interactive Console →