LeakyCreds

CVE-2026-5963 - Vulnerability Analysis

Critical, CVSS: 9.8

Last Updated: April 20, 2026

Digiwin EasyFlow .NET - SQL Injection

Published: April 20, 2026
Updated: April 20, 2026
Remote Exploitable

Overview

Digiwin EasyFlow .NET contains a SQL injection vulnerability caused by unsanitized input, which lets unauthenticated remote attackers read, modify, and delete database contents.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 8.1% (probability of exploitation in the next 30 days)

Impact

Unauthenticated remote attackers can read, modify, and delete database contents, potentially compromising data integrity and confidentiality.

Mitigation

Update to the latest version.

Social Media Activity (4 posts)

TheHackerWire
@thehackerwire
Apr 20, 2026

🔓 CVE-2026-5963 - Critical (9.8) EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5963/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

OffSequence
@offseq
Apr 20, 2026

🚨 CRITICAL: SQL Injection (CVE-2026-5963) in Digiwin EasyFlow .NET (6.1.*, 6.6.*, 8.1.1) allows unauthenticated attackers DB access & control. No patch yet — restrict exposure & monitor closely. Details: https://radar.offseq.com/threat/cve-2026-5963-cwe-89-improper-neutralization-of-sp-69f9977c #OffSeq #SQLInjection #Vuln


Details

CVE ID: CVE-2026-5963
Severity: Critical
CVSS Score: 9.8
Type: sql_injection
Status: unconfirmed
EPSS: 8.1%
Social Posts: 4

CWE

  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

8.1% (probability of exploitation in the next 30 days)