CVE-2026-25956: Python Unvalidated Dict Key In Query Builder

Unvalidated dictionary keys in query builder can lead to SQL Injection or Reflected XSS via unsanitized exception messages. Validate keys (e.g., check format explicitly via .isalpha(), .isupper() or allowlist matching) before using them in queries or reflective error bounds.

Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0

Python

greprules fetch cve-2026-25956-python-unvalidated-dict-key-in-query-builder --engine opengrep

Description

License: Apache-2.0
Source context: Public repository
Source: Provally CVE rule catalog
Validation status: Verified
Quality signals: 131 downloads
0 direct131 via packs
· 0 stars · Quality score 73How quality works
Included packs: 2 packs

Community feedback

0 signals from signed-in users.

Useful: 0
False positive: 0
Metadata: 0