CVE-2026-35548 - Vulnerability Analysis
High | CVSS: 8.5 | Last Updated: April 22, 2026
guardsix ODBC Enrichment Plugins - Server Side Request Forgery
Published: April 22, 2026 | Updated: April 22, 2026 | Remote Exploitable
Overview
guardsix ODBC Enrichment Plugins before 5.2.1 contain a server-side request forgery vulnerability caused by a logic flaw: stored credentials are retained after the target Host, IP, or Port is modified. This lets authenticated Operator users redirect database connections to internal systems. Exploitation requires an authenticated Operator user.
Severity & Score
Severity: High
CVSS Score: 8.5
Impact
Authenticated Operator users can redirect database connections to internal systems, potentially leading to SSRF and misuse of stored credentials.
Mitigation
Update to version 5.2.1 or later.
Details
- CVE ID: CVE-2026-35548
- Severity: High
- CVSS Score: 8.5
- Type: server_side_request_forgery
- Status: unconfirmed
CWE
- CWE-918
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N