CVE-2026-2584
CriticalSummary
A critical SQL Injection vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker can exploit this flaw by sending specially crafted SQL queries through the login interface.
Risk Assessment
This vulnerability may lead to a total compromise of the system's configuration data, posing a risk of exposing sensitive information regarding interconnected systems.
Recommendation
It is recommended to immediately patch the vulnerability and review the security of the authentication module to minimize the risk of SQL Injection attacks.
Original NVD description (English source)
A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence of specific requirements (AT:N), the vulnerability allows for a total compromise of the system's configuration data (VC:H/VI:H). While the availability of the service remains unaffected (VA:N), the breach may lead to a limited exposure of sensitive information regarding subsequent or interconnected systems (SC:L).

