CVE-2026-47668 - DbGate JSON script runner unauthenticated RCE
DbGate dbgate-serve through 7.1.8 accepted JSON runner requests whose
assign commands were converted into JavaScript by string concatenation and
then executed in a forked Node.js child process. In deployments that kept
DbGate’s anonymous authentication mode enabled, the advisory states an attacker
could obtain a bearer token without credentials and reach POST /runners/start
as an unauthenticated network user.
This is not only a package-upgrade issue. The fix needs the patched version, elimination of untrusted code generation from runner inputs, and deployment hardening so anonymous/default auth does not turn an internal admin tool into a network-reachable RCE surface.
When to use it
Use this recipe when a repository deploys, wraps, forks, or packages DbGate and
may expose JSON runner execution through dbgate-serve. It is especially
important for admin portals, demo stacks, customer-managed installs, internal
database tools, and agent-accessible environments where anonymous/default auth
or weak route protection could reach /runners/start.
Use it to produce a safe upgrade, auth hardening, and operator cleanup packet. Do not use it to send runner payloads or test command execution.
Inputs
- Package manifests, lockfiles, Dockerfiles, Compose/Helm/Kubernetes manifests, reverse-proxy config, SBOMs, generated dependency reports, docs, runbooks, forks, and wrapper code that reference DbGate.
- Resolved
dbgate-serve,dbgate, anddbgate-apiversions across runtime images and generated artifacts. - Runner execution code paths, including
/runners/start,jsonScriptToJavascript,assignCore,functionName,variableName, and custom route wrappers. - Authentication and authorization evidence: anonymous/default auth settings, token issuance, route middleware, reverse-proxy exceptions, and roles allowed to run scripts.
- Runtime authority: saved database connections, SQL history, mounted files, environment variables, cloud credentials, source checkout material, network egress, and operator-owned credential rotation steps.
Affected versions
- Vulnerable package:
dbgate-serve <=7.1.8 - Fixed package:
dbgate-serve 7.1.9+ - Affected route:
POST /runners/start - Affected input fields: JSON runner
assigncommandfunctionNameandvariableName - High-risk deployment condition: anonymous/default auth mode that issues a
token through
/auth/loginwithout real credentials
Indicator-of-exposure
- The repository depends on, vendors, builds, or deploys
dbgate-serve<=7.1.8. - The deployment exposes DbGate on a reachable network path through Docker, Compose, Helm, Kubernetes, reverse proxy, internal admin gateway, or demo environment.
- Product code, wrappers, or plugins allow JSON runner scripts, assign commands, script templates, or runner APIs driven from request bodies.
- Authentication is disabled, set to anonymous, delegated insecurely, or otherwise reachable by users who are not fully trusted administrators.
- The DbGate runtime can read saved database connections, local files, environment variables, cloud credentials, or source/deployment material.
Quick checks:
rg -n "dbgate|dbgate-serve|/runners/start|jsonScriptToJavascript|assignCore|functionName|variableName|authProvider|/auth/login|Anonymous|none" .
npm ls dbgate-serve dbgate dbgate-api
pnpm why dbgate-serve dbgate dbgate-api
yarn why dbgate-serve dbgate dbgate-api
rg -n "dbgate|DBGATE|authProvider|anonymous|none|/auth/login|/runners/start" Dockerfile* docker-compose*.yml compose*.yml charts k8s deploy .github . 2>/dev/null
Windows:
rg -n "dbgate|dbgate-serve|/runners/start|jsonScriptToJavascript|assignCore|functionName|variableName|authProvider|/auth/login|Anonymous|none" .
npm ls dbgate-serve dbgate dbgate-api
pnpm why dbgate-serve dbgate dbgate-api
yarn why dbgate-serve dbgate dbgate-api
rg -n "dbgate|DBGATE|authProvider|anonymous|none|/auth/login|/runners/start" Dockerfile* docker-compose*.yml compose*.yml charts k8s deploy .github .
Do not send crafted runner payloads, call /auth/login in anonymous mode
against a live target, or execute shell commands through DbGate during triage.
Remediation strategy
- Upgrade every controlled DbGate runtime, lockfile, container image, SBOM, and
deployment artifact to
7.1.9+. - If this repository owns a DbGate fork, wrapper, or plugin surface, remove raw interpolation of request-controlled runner fields into JavaScript. Replace it with structured validation plus an allow-listed operation mapping.
- Disable anonymous/default auth and require explicit server-side authentication for any runner-capable route.
- Require authorization for runner execution even after authentication. A basic authenticated user should not be able to trigger generated-code execution.
- Reduce runtime authority: least-privilege OS user, minimal mounts, no source checkout or cloud-deploy credentials in the same container, and restricted egress where practical.
- Rotate DbGate tokens, database credentials, and any reachable environment secrets if anonymous/default access may have existed on a vulnerable version.
The prompt
You are remediating CVE-2026-47668 / GHSA-8v3q-9vmx-36vc, a critical DbGate
JSON script runner code-injection issue that can become unauthenticated RCE in
anonymous/default deployments. Produce exactly one output:
- A reviewer-ready PR/change request that upgrades DbGate, removes unsafe
request-to-code generation, hardens authentication and authorization around
runner execution, refreshes generated artifacts, and documents operator
cleanup, or
- TRIAGE.md if this repository does not control an affected DbGate runtime,
fork, image, wrapper, plugin, or deployment.
## Rules
- Scope only CVE-2026-47668 / GHSA-8v3q-9vmx-36vc and directly related DbGate
runner/auth hardening.
- Treat bearer tokens, DbGate sessions, saved database credentials, SQL
history, source checkout material, environment variables, cloud credentials,
and mounted files as sensitive.
- Do not send exploit payloads, synthetic code-injection strings, or shell
commands through `/runners/start`, `/auth/login`, or other runner endpoints.
- Do not print tokens, passwords, connection profiles, SQL results, or
environment variables in logs, reports, snapshots, or commits.
- Do not rely on UI-only validation, deny-lists, or `require = null` style
sandboxing as the primary fix.
- Do not auto-merge.
## Steps
1. Inventory every repository-controlled DbGate reference: package manifests,
lockfiles, workspaces, Dockerfiles, Compose files, Helm charts, Kubernetes
manifests, CI images, reverse-proxy config, SBOMs, generated dependency
reports, docs, runbooks, forks, and wrapper code.
2. Determine every resolved `dbgate-serve`, `dbgate`, and `dbgate-api`
version. A target is vulnerable if the served runtime resolves to `7.1.8`
or earlier.
3. Search for runner code-generation paths and auth defaults:
`/runners/start`, `jsonScriptToJavascript`, `assignCore`, `functionName`,
`variableName`, `authProvider`, `Anonymous`, `none`, `/auth/login`, and
custom auth middleware or reverse-proxy exceptions.
4. Classify who can reach the deployment: trusted administrators only,
internal developers, demo users, tenant users, contractors, automation
accounts, or internet users.
5. If this repository does not control an affected DbGate runtime, stop with
`TRIAGE.md` listing checked files, deployment owner if known, and required
fixed version `7.1.9+`.
6. Upgrade all controlled DbGate runtimes to `7.1.9+`. Refresh lockfiles,
package metadata, container digests, SBOMs, dependency reports, and docs.
7. If the repository owns product code around runner execution, replace raw
request-to-code generation with fail-closed controls:
- do not concatenate request-controlled names into JavaScript source;
- validate runner operation names against a finite approved registry;
- reject punctuation, separators, comments, quotes, whitespace, brackets,
operators, and control characters in identifiers;
- map approved operations to implementation functions without eval-like
code generation.
8. Harden access control:
- disable anonymous/default auth;
- require explicit authentication before token issuance or runner access;
- require a dedicated privileged permission for runner execution;
- ensure non-admin users cannot invoke or configure runner operations.
9. Add regression coverage that is safe to review:
- vulnerable versions are absent from manifests and images;
- anonymous/default auth cannot obtain runner-capable access;
- malformed runner identifiers are rejected before execution;
- low-privilege users cannot reach runner APIs;
- logs omit secrets and generated-code content.
10. Reduce blast radius where this repository owns deployment:
- run as a non-root or least-privilege user when supported;
- remove unnecessary mounts and write permissions;
- keep deploy/cloud credentials out of the DbGate process;
- restrict network egress and metadata access where practical.
11. Add a PR body section named `CVE-2026-47668 operator actions` that states:
- DbGate versions before and after;
- whether anonymous/default auth was present;
- who could reach runner endpoints before the patch;
- which secret-bearing environments may have been reachable;
- whether token rotation, credential rotation, image rebuilds, or log
review are required;
- which validation commands passed.
12. Run available validation: package install, lockfile integrity, unit/API
tests, auth tests, route tests, lint/typecheck, container build, deployment
rendering, SBOM refresh, and dependency/security scans.
13. Use PR title:
`fix(sec): remediate CVE-2026-47668 in DbGate`.
## Stop conditions
- No affected DbGate runtime, fork, image, or deployment is controlled by this
repository.
- The runtime is owned by another team or vendor; document owner and required
fixed version in `TRIAGE.md`.
- A fixed version cannot be adopted without a broader platform migration.
- Verification would require live exploit traffic, live token issuance abuse,
runner execution, or secret-bearing runtime inspection.
- Validation fails for unrelated pre-existing reasons; document those failures
instead of broadening scope.
Verification - what the reviewer looks for
- No controlled runtime, lockfile, image, or SBOM resolves
dbgate-serve<=7.1.8. - Anonymous/default auth does not yield runner-capable access.
- Runner code paths do not concatenate request-controlled fields into generated JavaScript.
- Only explicitly authorized administrator roles can reach runner execution.
- Operator notes cover token and credential rotation if the old deployment may have been reachable by untrusted users.
Watch for
- Updating
package.jsonwhile images, Helm values, or generated artifacts still deploy7.1.8. - Fixing the package version but leaving anonymous/default auth exposed on the same service.
- Blocking the UI only while API or proxy routes still reach
/runners/start. - Logging runner request bodies, connection profiles, or environment variables during validation.
Output contract
Return one of:
- A reviewer-ready PR/change request that upgrades DbGate to
7.1.9+, removes unsafe request-to-code generation, disables anonymous/default runner access, adds authorization and identifier-validation tests, refreshes generated artifacts, reduces runtime authority, and documents operator cleanup. TRIAGE.mdwhen no controlled affected DbGate runtime, fork, image, wrapper, plugin, or deployment exists.
The output must list versions before/after, runner endpoints found, anonymous auth status, roles that could reach runner execution, generated artifacts refreshed, validation commands, and token/credential rotation needs. It must not include exploit payloads, runner request bodies, bearer tokens, connection profiles, SQL results, environment variables, or generated-code content.
Related recipes
- CVE-2026-47670 - DbGate loadReader dynamic import RCE
- CVE-2026-48017 - DbGate loadReader functionName RCE
- Source-code injection sink audit
References
- GitHub Advisory Database: https://github.com/advisories/GHSA-8v3q-9vmx-36vc
- DbGate 7.1.9 release: https://github.com/dbgate/dbgate/releases/tag/v7.1.9
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-47668