CVE Catalog

CVE-2026-40817

High
Published: Translated: NVD NIST

Summary

The getAlarmProfiles function has an SQL Injection vulnerability that can be exploited by an unauthenticated remote attacker. Improper neutralization of special elements in a SQL SELECT command leads to a total loss of confidentiality.

Risk Assessment

The organization may face serious data security breaches, potentially resulting in the exposure of sensitive information.

Recommendation

It is recommended to implement appropriate security mechanisms, such as input validation and the use of parameters in SQL queries.

Original NVD description (English source)

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS