# REPRO-2026-00194: Unauthenticated SQL injection in dotCMS Publish Audit API

## Summary

- Status: published
- Severity: critical
- Type: security
- Confidence: high

## Identifiers

- REPRO ID: REPRO-2026-00194
- CVE: CVE-2026-8054

## Package

- Name: dotCMS/core
- Ecosystem: github
- Affected: dotCMS Core 25.11.04-1 through 26.04.28-02
- Fixed: Unknown

## Root Cause

No root cause analysis available.

## Reproduction Details

- Reproduced: 2026-07-01T20:47:27.020Z
- Duration: 6967 seconds
- Tool calls: 532
- Turns: Unknown
- Handoffs: 3

## Quick Verification

Run one of these commands to verify locally:

```sh
pruva-verify REPRO-2026-00194
pruva-verify CVE-2026-8054
```

Or open in GitHub Codespaces (zero-friction, auto-runs):

https://github.com/codespaces/new?ref=repro/REPRO-2026-00194&repo=N3mes1s/pruva-sandbox

Or download and run the script manually:

```sh
curl -O https://api.pruva.dev/v1/reproductions/REPRO-2026-00194/artifacts/bundle/repro/reproduction_steps.sh
chmod +x reproduction_steps.sh
./reproduction_steps.sh
```

WARNING: Run in a sandboxed environment. This exploits a real vulnerability.

## References

- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-8054

## Artifacts

- bundle/repro/reproduction_steps.sh (reproduction_script, 15003 bytes)
- bundle/repro/rca_report.md (analysis, 7936 bytes)
- bundle/vuln_variant/reproduction_steps.sh (reproduction_script, 11853 bytes)
- bundle/vuln_variant/rca_report.md (analysis, 7602 bytes)
- bundle/coding/proposed_fix.diff (patch, 6795 bytes)
- bundle/repro/validation_verdict.json (other, 657 bytes)
- bundle/ticket.json (other, 1963 bytes)
- bundle/ticket.md (ticket, 1457 bytes)
- bundle/logs/fixed_opensearch_container.log (log, 35467 bytes)
- bundle/logs/vuln_dotcms_container.log (log, 210253 bytes)
- bundle/logs/fixed_dotcms_container.log (log, 210767 bytes)
- bundle/logs/vuln_opensearch_container.log (log, 36475 bytes)
- bundle/logs/vuln_results.json (other, 336 bytes)
- bundle/logs/fixed_results.json (other, 536 bytes)
- bundle/logs/timing_summary.tsv (other, 479 bytes)
- bundle/logs/vuln_postgres_container.log (log, 4203 bytes)
- bundle/logs/fixed_postgres_container.log (log, 4203 bytes)
- bundle/logs/test_api.py (script, 2066 bytes)
- bundle/logs/verdict.json (other, 19 bytes)
- bundle/logs/reproduction_steps.log (log, 18818 bytes)
- bundle/vuln_variant/test_variant.py (script, 3984 bytes)
- bundle/vuln_variant/variant_manifest.json (other, 3157 bytes)
- bundle/vuln_variant/runtime_manifest.json (other, 847 bytes)
- bundle/vuln_variant/root_cause_equivalence.json (other, 2317 bytes)
- bundle/vuln_variant/patch_analysis.md (documentation, 5490 bytes)
- bundle/vuln_variant/validation_verdict.json (other, 999 bytes)
- bundle/logs/vuln_variant_reproduction_steps.log (log, 7574 bytes)
- bundle/logs/vuln_variant_results.json (other, 2446 bytes)
- bundle/logs/vuln_variant_analysis.json (other, 2109 bytes)
- bundle/logs/fixed_variant_results.json (other, 4096 bytes)
- bundle/logs/verify_fix.log (log, 935 bytes)
- bundle/coding/summary_report.md (documentation, 5310 bytes)
- bundle/coding/verify_fix.sh (other, 2025 bytes)

## API Access

- JSON: https://api.pruva.dev/v1/reproductions/REPRO-2026-00194
- Script: https://api.pruva.dev/v1/reproductions/REPRO-2026-00194/artifacts/bundle/repro/reproduction_steps.sh
- Web: https://pruva.dev/r/REPRO-2026-00194

## For AI Assistants

To help users with this reproduction:

1. The `pruva-verify` command is the simplest way to run the reproduction.
2. The script downloads and runs automatically in an isolated temp directory.
3. Always recommend running in a VM, container, or disposable environment.
4. The root cause explains the technical vulnerability.

---

Generated by Pruva | https://pruva.dev