← Volver a CVEs
CVE-2026-2584
N/ADescripcion
A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence of specific requirements (AT:N), the vulnerability allows for a total compromise of the system's configuration data (VC:H/VI:H). While the availability of the service remains unaffected (VA:N), the breach may lead to a limited exposure of sensitive information regarding subsequent or interconnected systems (SC:L).
Detalles CVE
Puntuacion CVSS v3.1N/A
Publicado3/2/2026
Ultima modificacion3/2/2026
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-89
Referencias
https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-ciser-system-sl-firmware(cve-coordination@incibe.es)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.