CVE Catalog

CVE-2026-56052

HighCVSS 7.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

13th percentile — higher than 13% of all known CVEs

Summary

CVE-2026-56052 describes an improper neutralization of special elements used in SQL commands, allowing for Blind SQL Injection in FunnelKit Funnel Builder.

Risk Assessment

An attacker could exploit this vulnerability to gain unauthorized access to database information, potentially leading to serious security breaches.

Recommendation

It is recommended to update FunnelKit Funnel Builder to the latest version to mitigate the risks associated with this vulnerability.

Original NVD description (English source)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder by FunnelKit allows Blind SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through 3.15.0.5.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS