A vulnerability, which was classified as critical , has been found in Grit42 Grit up to 0.11.0 . Affected by this issue is some unknown functionality of the file modules/core/backend/app/controllers/concerns/grit/core/grit_entity_controller.rb of the component GritEntityController . Performing a manipulation results in sql injection. This vulnerability was named CVE-2026-12188 . The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this