CVE Catalog

CVE-2026-39574

CriticalCVSS 9.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile — higher than 32% of all known CVEs

Summary

There is an unauthenticated SQL injection vulnerability in InPost Gallery versions up to 2.1.4.6.

Risk Assessment

An attacker could exploit this vulnerability to gain access to sensitive data in the application's database.

Recommendation

It is recommended to upgrade to the latest version of InPost Gallery to mitigate this vulnerability.

Original NVD description (English source)

Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS