A vulnerability, which was classified as critical , has been found in Grit42 Grit up to 0.11.0 . This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/data_table_entity.rb . The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2026-12206 . The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond