HackerOne Disclosed Reports - 2026-07-13

0 Replies, 6 Views

Logo
High
resolved

SELECT ... INTO OUTFILE does not enforce the FILE WRITE privilege unprivileged arbitrary file write on the server


Bug reported by was disclosed at July 13, 2026, 7:35 pm   |   Missing Authorization

A security vulnerability was reported in SingleStore's self-managed database server where the SELECT...INTO OUTFILE command did not properly enforce the FILE WRITE privilege. This allowed any authenticated user, including those with only USAGE privileges, to write arbitrary files to the aggregator host at any path, written as the engine OS user. The vulnerability affected default-configuration self-managed deployments, but was not present in SingleStore Helios due to the local_file_system_access_restricted setting. The issue was patched by the vendor and the fix will be reflected in the next patch versions of supported SingleStoreDB releases.


[Image: e72398fe92beda2aa80d0329e8b9f4febece7568.gif]



Users browsing this thread: 1 Guest(s)