CVE Catalog

CVE-2026-40811

High
Published: Translated: NVD NIST

Summary

The ssoabstractservice has a remote SQL Injection vulnerability that can be exploited by an unauthenticated attacker. The flaw arises from improper neutralization of special elements in a SQL SELECT command, potentially leading to a total loss of confidentiality.

Risk Assessment

The organization may face serious data breaches, resulting in the loss of confidential information and potential legal consequences.

Recommendation

It is recommended to immediately patch the vulnerability and review application security to prevent future SQL Injection attacks.

Original NVD description (English source)

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS