CVE-2026-47668 - DbGate JSON script runner unauthenticated RCE

DbGate dbgate-serve through 7.1.8 accepted JSON runner requests whose assign commands were converted into JavaScript by string concatenation and then executed in a forked Node.js child process. In deployments that kept DbGate’s anonymous authentication mode enabled, the advisory states an attacker could obtain a bearer token without credentials and reach POST /runners/start as an unauthenticated network user.

This is not only a package-upgrade issue. The fix needs the patched version, elimination of untrusted code generation from runner inputs, and deployment hardening so anonymous/default auth does not turn an internal admin tool into a network-reachable RCE surface.

When to use it

Use this recipe when a repository deploys, wraps, forks, or packages DbGate and may expose JSON runner execution through dbgate-serve. It is especially important for admin portals, demo stacks, customer-managed installs, internal database tools, and agent-accessible environments where anonymous/default auth or weak route protection could reach /runners/start.

Use it to produce a safe upgrade, auth hardening, and operator cleanup packet. Do not use it to send runner payloads or test command execution.

Inputs

  • Package manifests, lockfiles, Dockerfiles, Compose/Helm/Kubernetes manifests, reverse-proxy config, SBOMs, generated dependency reports, docs, runbooks, forks, and wrapper code that reference DbGate.
  • Resolved dbgate-serve, dbgate, and dbgate-api versions across runtime images and generated artifacts.
  • Runner execution code paths, including /runners/start, jsonScriptToJavascript, assignCore, functionName, variableName, and custom route wrappers.
  • Authentication and authorization evidence: anonymous/default auth settings, token issuance, route middleware, reverse-proxy exceptions, and roles allowed to run scripts.
  • Runtime authority: saved database connections, SQL history, mounted files, environment variables, cloud credentials, source checkout material, network egress, and operator-owned credential rotation steps.

Affected versions

  • Vulnerable package: dbgate-serve <=7.1.8
  • Fixed package: dbgate-serve 7.1.9+
  • Affected route: POST /runners/start
  • Affected input fields: JSON runner assign command functionName and variableName
  • High-risk deployment condition: anonymous/default auth mode that issues a token through /auth/login without real credentials

Indicator-of-exposure

  • The repository depends on, vendors, builds, or deploys dbgate-serve <=7.1.8.
  • The deployment exposes DbGate on a reachable network path through Docker, Compose, Helm, Kubernetes, reverse proxy, internal admin gateway, or demo environment.
  • Product code, wrappers, or plugins allow JSON runner scripts, assign commands, script templates, or runner APIs driven from request bodies.
  • Authentication is disabled, set to anonymous, delegated insecurely, or otherwise reachable by users who are not fully trusted administrators.
  • The DbGate runtime can read saved database connections, local files, environment variables, cloud credentials, or source/deployment material.

Quick checks:

rg -n "dbgate|dbgate-serve|/runners/start|jsonScriptToJavascript|assignCore|functionName|variableName|authProvider|/auth/login|Anonymous|none" .
npm ls dbgate-serve dbgate dbgate-api
pnpm why dbgate-serve dbgate dbgate-api
yarn why dbgate-serve dbgate dbgate-api
rg -n "dbgate|DBGATE|authProvider|anonymous|none|/auth/login|/runners/start" Dockerfile* docker-compose*.yml compose*.yml charts k8s deploy .github . 2>/dev/null

Windows:

rg -n "dbgate|dbgate-serve|/runners/start|jsonScriptToJavascript|assignCore|functionName|variableName|authProvider|/auth/login|Anonymous|none" .
npm ls dbgate-serve dbgate dbgate-api
pnpm why dbgate-serve dbgate dbgate-api
yarn why dbgate-serve dbgate dbgate-api
rg -n "dbgate|DBGATE|authProvider|anonymous|none|/auth/login|/runners/start" Dockerfile* docker-compose*.yml compose*.yml charts k8s deploy .github .

Do not send crafted runner payloads, call /auth/login in anonymous mode against a live target, or execute shell commands through DbGate during triage.

Remediation strategy

  • Upgrade every controlled DbGate runtime, lockfile, container image, SBOM, and deployment artifact to 7.1.9+.
  • If this repository owns a DbGate fork, wrapper, or plugin surface, remove raw interpolation of request-controlled runner fields into JavaScript. Replace it with structured validation plus an allow-listed operation mapping.
  • Disable anonymous/default auth and require explicit server-side authentication for any runner-capable route.
  • Require authorization for runner execution even after authentication. A basic authenticated user should not be able to trigger generated-code execution.
  • Reduce runtime authority: least-privilege OS user, minimal mounts, no source checkout or cloud-deploy credentials in the same container, and restricted egress where practical.
  • Rotate DbGate tokens, database credentials, and any reachable environment secrets if anonymous/default access may have existed on a vulnerable version.

The prompt

You are remediating CVE-2026-47668 / GHSA-8v3q-9vmx-36vc, a critical DbGate
JSON script runner code-injection issue that can become unauthenticated RCE in
anonymous/default deployments. Produce exactly one output:

- A reviewer-ready PR/change request that upgrades DbGate, removes unsafe
  request-to-code generation, hardens authentication and authorization around
  runner execution, refreshes generated artifacts, and documents operator
  cleanup, or
- TRIAGE.md if this repository does not control an affected DbGate runtime,
  fork, image, wrapper, plugin, or deployment.

## Rules

- Scope only CVE-2026-47668 / GHSA-8v3q-9vmx-36vc and directly related DbGate
  runner/auth hardening.
- Treat bearer tokens, DbGate sessions, saved database credentials, SQL
  history, source checkout material, environment variables, cloud credentials,
  and mounted files as sensitive.
- Do not send exploit payloads, synthetic code-injection strings, or shell
  commands through `/runners/start`, `/auth/login`, or other runner endpoints.
- Do not print tokens, passwords, connection profiles, SQL results, or
  environment variables in logs, reports, snapshots, or commits.
- Do not rely on UI-only validation, deny-lists, or `require = null` style
  sandboxing as the primary fix.
- Do not auto-merge.

## Steps

1. Inventory every repository-controlled DbGate reference: package manifests,
   lockfiles, workspaces, Dockerfiles, Compose files, Helm charts, Kubernetes
   manifests, CI images, reverse-proxy config, SBOMs, generated dependency
   reports, docs, runbooks, forks, and wrapper code.
2. Determine every resolved `dbgate-serve`, `dbgate`, and `dbgate-api`
   version. A target is vulnerable if the served runtime resolves to `7.1.8`
   or earlier.
3. Search for runner code-generation paths and auth defaults:
   `/runners/start`, `jsonScriptToJavascript`, `assignCore`, `functionName`,
   `variableName`, `authProvider`, `Anonymous`, `none`, `/auth/login`, and
   custom auth middleware or reverse-proxy exceptions.
4. Classify who can reach the deployment: trusted administrators only,
   internal developers, demo users, tenant users, contractors, automation
   accounts, or internet users.
5. If this repository does not control an affected DbGate runtime, stop with
   `TRIAGE.md` listing checked files, deployment owner if known, and required
   fixed version `7.1.9+`.
6. Upgrade all controlled DbGate runtimes to `7.1.9+`. Refresh lockfiles,
   package metadata, container digests, SBOMs, dependency reports, and docs.
7. If the repository owns product code around runner execution, replace raw
   request-to-code generation with fail-closed controls:
   - do not concatenate request-controlled names into JavaScript source;
   - validate runner operation names against a finite approved registry;
   - reject punctuation, separators, comments, quotes, whitespace, brackets,
     operators, and control characters in identifiers;
   - map approved operations to implementation functions without eval-like
     code generation.
8. Harden access control:
   - disable anonymous/default auth;
   - require explicit authentication before token issuance or runner access;
   - require a dedicated privileged permission for runner execution;
   - ensure non-admin users cannot invoke or configure runner operations.
9. Add regression coverage that is safe to review:
   - vulnerable versions are absent from manifests and images;
   - anonymous/default auth cannot obtain runner-capable access;
   - malformed runner identifiers are rejected before execution;
   - low-privilege users cannot reach runner APIs;
   - logs omit secrets and generated-code content.
10. Reduce blast radius where this repository owns deployment:
    - run as a non-root or least-privilege user when supported;
    - remove unnecessary mounts and write permissions;
    - keep deploy/cloud credentials out of the DbGate process;
    - restrict network egress and metadata access where practical.
11. Add a PR body section named `CVE-2026-47668 operator actions` that states:
    - DbGate versions before and after;
    - whether anonymous/default auth was present;
    - who could reach runner endpoints before the patch;
    - which secret-bearing environments may have been reachable;
    - whether token rotation, credential rotation, image rebuilds, or log
      review are required;
    - which validation commands passed.
12. Run available validation: package install, lockfile integrity, unit/API
    tests, auth tests, route tests, lint/typecheck, container build, deployment
    rendering, SBOM refresh, and dependency/security scans.
13. Use PR title:
    `fix(sec): remediate CVE-2026-47668 in DbGate`.

## Stop conditions

- No affected DbGate runtime, fork, image, or deployment is controlled by this
  repository.
- The runtime is owned by another team or vendor; document owner and required
  fixed version in `TRIAGE.md`.
- A fixed version cannot be adopted without a broader platform migration.
- Verification would require live exploit traffic, live token issuance abuse,
  runner execution, or secret-bearing runtime inspection.
- Validation fails for unrelated pre-existing reasons; document those failures
  instead of broadening scope.

Verification - what the reviewer looks for

  • No controlled runtime, lockfile, image, or SBOM resolves dbgate-serve <=7.1.8.
  • Anonymous/default auth does not yield runner-capable access.
  • Runner code paths do not concatenate request-controlled fields into generated JavaScript.
  • Only explicitly authorized administrator roles can reach runner execution.
  • Operator notes cover token and credential rotation if the old deployment may have been reachable by untrusted users.

Watch for

  • Updating package.json while images, Helm values, or generated artifacts still deploy 7.1.8.
  • Fixing the package version but leaving anonymous/default auth exposed on the same service.
  • Blocking the UI only while API or proxy routes still reach /runners/start.
  • Logging runner request bodies, connection profiles, or environment variables during validation.

Output contract

Return one of:

  • A reviewer-ready PR/change request that upgrades DbGate to 7.1.9+, removes unsafe request-to-code generation, disables anonymous/default runner access, adds authorization and identifier-validation tests, refreshes generated artifacts, reduces runtime authority, and documents operator cleanup.
  • TRIAGE.md when no controlled affected DbGate runtime, fork, image, wrapper, plugin, or deployment exists.

The output must list versions before/after, runner endpoints found, anonymous auth status, roles that could reach runner execution, generated artifacts refreshed, validation commands, and token/credential rotation needs. It must not include exploit payloads, runner request bodies, bearer tokens, connection profiles, SQL results, environment variables, or generated-code content.

References