Listen to this Post
How the mentioned CVE works (around 20 lines)
The vulnerability exists in the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers that construct SQL WHERE clauses by interpolating dynamic partition key values into queries without proper escaping. A malicious user with the `Add Dynamic Partitions` permission can craft a partition key that injects arbitrary SQL commands. These injected commands execute against the target database backend under the I/O manager’s credentials. The attack is only possible in deployments that use dynamic partitions; static or time‑window partitions are not impacted. In Dagster OSS, any user with access to the Dagster API can create dynamic partition keys. In Dagster+, the `Add Dynamic Partitions` permission is typically granted to users with the Editor role or above, who may already have broad database access. The vulnerability becomes most critical when this permission is granted independently of broader database access, such as in multi‑tenant or custom RBAC configurations. In such cases, an affected user could read or modify data beyond what their role would otherwise permit. The attack vector is the interpolation of unsanitized user input into SQL queries, leading to arbitrary SQL execution. The fix ensures that partition key values are properly escaped before inclusion in SQL queries across all affected I/O managers.
DailyCVE form
Platform: Dagster
Version: ≤1.13.0 (core)
Vulnerability: SQL Injection
Severity: High
Date: 2026-04-18
Prediction: 2026-04-18
What Undercode Say
Check Dagster version
dagster --version
List dynamic partitions (if any)
dagster partition list --dynamic
Simulate unsafe partition key (PoC concept)
curl -X POST "http://dagster-host/graphql" \
-H "Content-Type: application/json" \
-d '{"query":"mutation { addDynamicPartition(partitionKey:\"1' OR '1'='1\") { ... } }"}'
Update to patched version
pip install --upgrade dagster==1.13.1 dagster-duckdb==0.29.1 dagster-snowflake==0.29.1 dagster-gcp==0.29.1 dagster-deltalake==0.29.1
Exploit
An attacker with the `Add Dynamic Partitions` permission creates a dynamic partition key containing SQL metacharacters (e.g., 1' OR '1'='1). The I/O manager interpolates this key directly into a `WHERE` clause without escaping, allowing the attacker to modify the query logic. The injected SQL runs with the I/O manager’s database credentials, enabling unauthorized data reading or modification.
Protection from this CVE
- Upgrade Dagster and the affected I/O managers to the patched versions listed above.
- If an immediate upgrade is not possible, review the manual workarounds provided in the advisory.
- Restrict the `Add Dynamic Partitions` permission only to users who absolutely require it, especially in multi‑tenant or custom RBAC environments.
Impact
- Unauthorized Data Access: Attackers can read arbitrary data from the databases accessible to the I/O manager.
- Data Modification: Attackers can alter or delete data within the same databases.
- Privilege Escalation: The injected SQL executes with the I/O manager’s credentials, which may have higher privileges than the attacker’s own role.
- Exposure Context: The risk is highest when the `Add Dynamic Partitions` permission is granted independently of broader database access, e.g., in multi‑tenant deployments.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

