CVE-2026-40817
HighSummary
The getAlarmProfiles function has an SQL Injection vulnerability that can be exploited by an unauthenticated remote attacker. Improper neutralization of special elements in a SQL SELECT command leads to a total loss of confidentiality.
Risk Assessment
The organization may face serious data security breaches, potentially resulting in the exposure of sensitive information.
Recommendation
It is recommended to implement appropriate security mechanisms, such as input validation and the use of parameters in SQL queries.
Original NVD description (English source)
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

