CVE Catalog

CVE-2026-39493

CriticalCVSS 9.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.36%

28th percentile — higher than 28% of all known CVEs

Summary

There is an unauthenticated SQL injection vulnerability in Simply Schedule Appointments versions up to 1.6.9.27.

Risk Assessment

An attacker could exploit this vulnerability to gain access to sensitive data in the application's database.

Recommendation

It is recommended to update to the latest version of the application to mitigate this vulnerability.

Original NVD description (English source)

Unauthenticated SQL Injection in Simply Schedule Appointments <= 1.6.9.27 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS