CVE-2026-40810
HighSummary
In CVE-2026-40810, an unauthenticated remote attacker can exploit an SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Risk Assessment
The organization is at risk of losing confidential data, which can lead to serious legal and reputational consequences.
Recommendation
It is recommended to implement appropriate security measures, such as input validation and using parameters in SQL queries, to minimize the risk of attack.
Original NVD description (English source)
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

