Details
- Version: dagster ≤1.13.0 (fixed in 1.13.1); dagster-deltalake, dagster-duckdb, dagster-gcp, dagster-snowflake, dagster-snowflake-polars ≤0.29.0 (fixed in 0.29.1)
- CVE ID: CVE-2026-41490
- GHSA ID: GHSA-mjw2-v2hm-wj34
- CVSS: 8.3 (High)
- CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)
- Vendor Homepage: https://dagster.io
- Affected Product Code Base: Dagster Database I/O Managers (DuckDB, Snowflake, BigQuery, DeltaLake) — vulnerable in dagster ≤1.13.0 and integration packages ≤0.29.0, fixed in dagster 1.13.1 / integrations 0.29.1
- Affected Component: WHERE-clause construction in the database I/O managers (e.g. partition_where_clause()/static_where_clause() in the I/O manager integrations), which interpolate dynamic partition key values into SQL queries using f-strings without escaping
- CVE Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41490
- Exploit Author: VyPr AI
- Fix Status: Patched in dagster 1.13.1 and integration packages 0.29.1; the fix ensures partition key values are properly escaped before inclusion in SQL queries across all affected I/O managers
Description
A SQL injection vulnerability (CWE-89) exists in the Dagster DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers. When loading or storing partitioned assets, these I/O managers construct SQL WHERE clauses by interpolating dynamic partition key values directly into the query string without escaping. A user with the Add Dynamic Partitions permission can add a partition whose key contains a crafted SQL payload, which is then executed under the I/O manager’s database credentials.
Only pipelines using dynamic partitions are affected. Static and time-window partitions are not affected.
Attack Vectors
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low (Add Dynamic Partitions permission)
- User Interaction: None
An attacker who can add dynamic partitions supplies a partition key containing SQL metacharacters. When an asset backed by an affected database I/O manager is materialized or loaded for that partition, the unescaped key is concatenated into the WHERE clause and executed with the I/O manager’s database privileges. This allows reading or modifying database data beyond the attacker’s normal role permissions in deployments where partition-management permissions are granted independently of broader database access.
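The f-string interpolation pattern described above, shown beside the escaped and parameter-bound forms and a partition-key allowlist check, as an added illustration that is not Dagster's own code: the function names, the events table and the use of sqlite3 as a stand-in for DuckDB/Snowflake/BigQuery are assumptions.

```python
import re
import sqlite3

# Constructed stand-in data. Dagster's I/O managers target DuckDB, Snowflake,
# BigQuery and DeltaLake; stdlib sqlite3 is enough to show how the WHERE
# clause behaves. Table and column names are assumptions for this example.
ROWS = [("2024-01-01", 10), ("2024-01-02", 20), ("2024-01-03", 30)]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (partition_key TEXT, value INTEGER)")
    conn.executemany("INSERT INTO events VALUES (?, ?)", ROWS)
    return conn


def vulnerable_where_clause(partition_key: str) -> str:
    # Same pattern the advisory describes: the dynamic partition key goes into
    # the SQL string via an f-string with no escaping (illustrative only).
    return f"WHERE partition_key = '{partition_key}'"


def hardened_where_clause(partition_key: str) -> str:
    # Fixed-style builder: doubling embedded single quotes keeps the key a
    # single string literal, so metacharacters cannot change query structure.
    escaped = partition_key.replace("'", "''")
    return f"WHERE partition_key = '{escaped}'"


def load_partition(conn, partition_key: str, builder) -> list:
    sql = f"SELECT value FROM events {builder(partition_key)}"
    return conn.execute(sql).fetchall()


def load_partition_bound(conn, partition_key: str) -> list:
    # Preferred where the driver supports it: the key is bound as a parameter
    # and never becomes part of the SQL text at all.
    sql = "SELECT value FROM events WHERE partition_key = ?"
    return conn.execute(sql, (partition_key,)).fetchall()


# Defence in depth when dynamic partitions are added: reject keys containing
# anything other than a conservative character set (an assumed policy).
PARTITION_KEY_RE = re.compile(r"^[A-Za-z0-9_\-]+$")


def is_safe_partition_key(partition_key: str) -> bool:
    return bool(PARTITION_KEY_RE.match(partition_key))


def demo() -> dict:
    conn = make_db()
    crafted = "x' OR '1'='1"  # constructed key containing SQL metacharacters
    return {
        "vulnerable": len(load_partition(conn, crafted, vulnerable_where_clause)),
        "hardened": len(load_partition(conn, crafted, hardened_where_clause)),
        "bound": len(load_partition_bound(conn, crafted)),
        "key_allowed": is_safe_partition_key(crafted),
    }
```

With the crafted key the unescaped builder returns every row in the table, while the escaped and bound forms return nothing and the allowlist check rejects the key before it is ever stored as a partition.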
References
- CVE Entry: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41490
- GitHub Security Advisory: https://github.com/dagster-io/dagster/security/advisories/GHSA-mjw2-v2hm-wj34
- Vendor Project: https://github.com/dagster-io/dagster
- Dagster Homepage: https://dagster.io