< ciso
brief />
Tag Banner

All news with #sql injection tag

36 articles

Ubiquiti issues urgent UniFi security patches

πŸ”’ Ubiquiti has released updates to remediate several critical vulnerabilities across UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS. The flaws include command injection, authenticated SQL injection, SSRF, and improper access control, with multiple CVSS scores at or near 10.0. Affected versions are identified for each product and updated builds are available that address the issues.
read more β†’

Critical LangGraph flaw chain risks remote code execution

πŸ”’ Researchers disclosed three patched vulnerabilities in LangGraph, including a critical SQL injection and unsafe deserialization chain that could enable remote code execution in self-hosted deployments. LangGraph is an open-source framework from LangChain for building stateful, multi-agent AI applications. Check Point and researcher Yarden Porat reported the issues, which affect SQLite and Redis checkpointers but not LangChain's managed LangSmith service.
read more β†’

Critical LangGraph Vulnerabilities Put AI Agents at Risk

πŸ”’ Check Point Research discovered a critical vulnerability chain in LangGraph, an open-source AI agent framework with ~46.5M monthly downloads, that can lead to full remote code execution. The issue centers on the checkpointer persistence layer where an SQL injection in get_state_history() can be chained with a msgpack deserialization flaw to execute attacker-controlled code. Three CVEs were assigned and patched; affected teams should upgrade and place authentication and network controls in front of self-hosted deployments.
read more β†’

KACO Blueplanet Inverters: Credential and SQL Injection Risk

πŸ”’ KACO blueplanet inverters contain vulnerabilities that can expose service credentials and allow SQL injection against management components. Siemens and KACO new energy have released updates for some models and recommend updating to the latest firmware where fixes exist. Operators should minimize network exposure, segment control networks, and apply vendor security updates after validation and supervised deployment.
read more β†’

Malware threats imperil automated tank gauges

πŸ”’ CISA warns that ongoing cyber-attacks on automated tank gauges (ATGs) could allow attackers to drain fuel tanks or hide theft and leaks, affecting gas stations, military bases, hospitals, and industrial sites. The attacks exploit authentication bypasses, hardcoded credentials, OS command execution, SQL injection, and privilege escalation to gain full control. Administrators are urged to remove public serial connections, change default passwords, apply patches, report incidents to CISA, and push supply-chain partners to adopt defenses.
read more β†’

CISA orders federal patching for exploited Drupal flaw

πŸ›‘οΈ CISA has mandated U.S. federal agencies to patch an actively exploited SQL injection vulnerability in the Drupal CMS (CVE-2026-9082) by the specified deadline. Discovered by Google/Mandiant researcher Michael Maturi, the flaw affects Drupal's database abstraction API and allows unauthenticated SQL injection against PostgreSQL-backed sites. The Drupal team labelled the bug highly critical and released fixes after observing exploitation in the wild; Shadowserver reports nearly 670 exposed installations. CISA added the issue to its KEV Catalog and urged all organizations to apply vendor mitigations immediately.
read more β†’

Critical Ghost CMS SQLi Exploited in ClickFix Campaign

πŸ›‘οΈ Researchers uncovered a large-scale campaign exploiting a critical SQL injection (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript that triggers ClickFix attack flows. More than 700 domains β€” including university portals, media outlets, fintech firms, and personal blogs β€” were affected. The flaw impacts Ghost 3.24.0 through 6.19.0 and allows unauthenticated actors to exfiltrate admin API keys. Administrators are urged to upgrade to 6.19.1+, rotate keys, and scan sites for injected scripts.
read more β†’

CISA Adds Drupal SQL Injection to KEV Catalog

πŸ›‘οΈ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SQL injection flaw in Drupal Core (CVE-2026-9082, CVSS 6.5) to its Known Exploited Vulnerabilities list after evidence of active exploitation. The vulnerability affects all supported Drupal Core versions and could enable privilege escalation and remote code execution via crafted requests using the database abstraction API. Patches were released across multiple 8.x–11.x branches, with manual patches required for Drupal 9.5 and 8.9.
read more β†’

Drupal SQL injection flaw now being exploited

πŸ”’ Drupal has warned administrators that a "highly critical" SQL injection vulnerability, tracked as CVE-2026-9082, is being actively targeted in the wild. Discovered by Google/Mandiant researcher Michael Maturi, the flaw affects Drupal's database abstraction API and allows specially crafted requests to trigger arbitrary SQL injection on sites using PostgreSQL. Exploitation requires no authentication and can lead to remote code execution, privilege escalation, and data disclosure; Drupal has released updates and urges immediate patching.
read more β†’

Highly Critical PostgreSQL SQLi Fix Released for Drupal

πŸ›‘οΈ Drupal issued emergency updates addressing a "highly critical" SQL injection flaw tracked as CVE-2026-9082 in its database abstraction API that can be exploited against sites using PostgreSQL, allowing information disclosure and in some cases privilege escalation or remote code execution. The vendor released patched builds for supported 11.x and 10.x branches and published manual patches for EOL versions. Upstream Symfony and Twig fixes are also included in recent releases.
read more β†’

Drupal issues emergency patch for critical SQL injection

🚨Drupal administrators must apply an emergency core update to address a β€œhighly critical” SQL injection defect (CVE-2026-9082) that affects sites using PostgreSQL. The release also bundles upstream fixes for Symfony and Twig, so Drupal urges updates even for non-Postgres deployments. Supported branches 11.3, 11.2, 10.6 and 10.5 are patched, while end-of-life versions may receive unsupported best-effort patches. The flaw permits anonymous attackers to send crafted requests resulting in arbitrary SQL injection, information disclosure, and potential privilege escalation or remote code execution.
read more β†’

Avada Builder Flaws Expose Files and Enable SQLi Risks

πŸ”’ The Avada Builder WordPress plugin contained two serious vulnerabilities impacting an estimated one million active installations. One flaw (CVE-2026-4782) allows authenticated users with subscriber access to read arbitrary server files via the plugin’s shortcode-rendering and the custom_svg parameter, exposing sensitive files like wp-config.php. The other issue (CVE-2026-4798) is a time-based blind SQL injection exploitable without authentication if WooCommerce was previously installed and then deactivated. Administrators are urged to update to Avada Builder 3.15.3 immediately.
read more β†’

Avada Builder Vulnerabilities Put One Million Sites at Risk

⚠️ Two newly disclosed flaws in the Avada Builder WordPress plugin place roughly one million sites at risk of arbitrary file read (CVE-2026-4782, CVSS 6.5) and unauthenticated time-based SQL injection (CVE-2026-4798, CVSS 7.5). The issues were reported to Wordfence in March and fixed in 3.15.2 and fully resolved in 3.15.3. Site owners are urged to update immediately and audit subscriber accounts and wp-config.php for signs of compromise.
read more β†’

SAP May 2026 Fixes Critical Flaws in Commerce Cloud

πŸ”’ SAP released its May 2026 security updates addressing 15 vulnerabilities across multiple products, including two critical flaws affecting Commerce Cloud and S/4HANA. The most severe (CVE-2026-34263) is a missing authentication check in Commerce Cloud that can allow unauthenticated remote code execution via improper Spring Security configuration. The other critical (CVE-2026-34260) permits low-complexity SQL injection by attackers with basic privileges, risking sensitive data exposure and potential service crashes. SAP also patched one high and 11 medium-severity issues and reports no evidence of in-the-wild exploitation to date.
read more β†’

CISA Adds KEV Entry for BerriAI LiteLLM SQLi Risk Now

πŸ”” CISA added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2026-42208, a SQL injection affecting BerriAI LiteLLM. The agency cites evidence of active exploitation and notes that SQLi remains a common, high-risk vector. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV-listed flaws by their due dates. CISA urges all organizations to prioritize timely remediation as part of routine vulnerability management.
read more β†’

Critical SQL Injection in LiteLLM (CVE-2026-42208)

⚠️ A critical SQL injection (CVE-2026-42208, CVSS 9.3) in the open-source LiteLLM Python gateway allowed unauthenticated attackers to inject SQL via a proxy API key check by placing crafted values in the Authorization header. Maintainers released 1.83.7-stable on April 19, 2026, to fix versions >=1.81.16 and <1.83.7. Security vendor Sysdig reported active exploitation within roughly 26–36 hours of disclosure, with probes focused on credential tables that store upstream LLM provider keys. Operators should update immediately or set disable_error_logs: true as a temporary mitigation.
read more β†’

Critical LiteLLM Pre-auth SQLi Allows Database Access

πŸ”“ LiteLLM's proxy contains a pre-auth SQL injection in its API key verification, tracked as CVE-2026-42208. An attacker can send a crafted Authorization header to any LLM API route to read and modify the proxy database, exposing API keys, master keys, provider credentials, and environment secrets. Exploitation was observed about 36 hours after public disclosure and targeted '/chat/completions'. Upgrade to 1.83.7 or apply the suggested workaround and rotate any exposed credentials.
read more β†’

Mitsubishi Electric GENESIS64 and ICONICS Suite Fixes

πŸ”’ CISA reports two high‑severity vulnerabilities (CVE‑2025‑14815, CVE‑2025‑14816) in Mitsubishi Electric GENESIS64, ICONICS Suite, and related products that may expose SQL Server credentials stored in local caches or displayed in the Hyper Historian Splitter GUI. Successful exploitation could enable disclosure, tampering, or denial of service on affected systems. Vendor updates are available (10.98+ for GENESIS64/ICONICS products and 11.03+ for GENESIS); administrators should disable local cache, delete cache files, prefer Windows authentication, and restrict administrative and remote access until patches are applied.
read more β†’

Fortinet issues emergency FortiClient EMS patch now

πŸ” Fortinet has released an emergency hotfix for FortiClient Enterprise Management Server (EMS) to address a critical improper access control flaw tracked as CVE-2026-35616 (CVSS 9.1) that is being exploited in the wild. The vendor said the interim hotfix for EMS 7.4.5 and 7.4.6 fully prevents the issue and that a permanent fix will be included in 7.4.7. Security vendor Defused also reported a separate critical SQL injection, CVE-2026-21643 (CVSS 9.8), with active exploit activity; customers were urged to upgrade to 7.4.5 or later or at minimum disconnect the administrative web interface from the internet.
read more β†’

Critical SQL Injection in Fortinet EMS Actively Exploited

⚠️ A critical SQL injection, CVE-2026-21643, is being actively exploited against FortiClient EMS, allowing unauthenticated attackers to execute arbitrary SQL via crafted HTTP requests. The flaw affects EMS 7.4.4 when multi-tenant mode is enabled; Fortinet released 7.4.5 to remediate. Researchers note the endpoint returns database error messages and lacks lockout protections, enabling rapid data extraction and credential theft. Administrators should patch immediately, remove internet exposure, and inspect HTTP headers for anomalous SQL.
read more β†’