CVE Catalog

CVE-2026-40813

High
Published: Translated: NVD NIST

Summary

CVE-2026-40813 describes an unauthenticated remote SQL Injection vulnerability in the tagid parameter of the getLiveValues function. Improper neutralization of special elements in a SQL SELECT command can lead to a total loss of confidentiality.

Risk Assessment

An attacker could gain access to sensitive data, posing a significant threat to the organization's security.

Recommendation

It is recommended to implement proper input filtering and validation to prevent SQL Injection attacks.

Original NVD description (English source)

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions tagid parameter due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS