LeakyCreds

CVE-2026-41462 - Vulnerability Analysis

Critical | CVSS: 9.8

Last Updated: April 27, 2026

ProjeQtor - SQL Injection

Published: April 27, 2026 | Updated: April 27, 2026 | Remote Exploitable

Overview

ProjeQtor 7.0 through 12.4.3 contains an SQL injection caused by unsanitized concatenation of the login variable in the authentication endpoint, letting unauthenticated attackers create privileged accounts, read data, and execute OS commands.

Severity & Score

Severity: Critical
CVSS Score: 9.8

Impact

Unauthenticated attackers can create privileged accounts, access sensitive data, and execute OS commands, potentially leading to full system compromise.

Mitigation

Upgrade to a version later than 12.4.3 or the latest available version.

Details

CVE ID: CVE-2026-41462
Severity: Critical
CVSS Score: 9.8
Type: sql_injection
Status: rejected

CWE

  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H