LeakyCreds

CVE-2026-5964 - Vulnerability Analysis

Critical, CVSS: 9.8

Last Updated: April 20, 2026

Digiwin EasyFlow .NET - SQL Injection

Published: April 20, 2026 | Updated: April 20, 2026 | Remote Exploitable

Overview

Digiwin EasyFlow .NET contains a SQL injection vulnerability caused by improper input sanitization. It lets unauthenticated remote attackers inject arbitrary SQL commands to read, modify, and delete database contents. Exploitation requires no special privileges.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 8.1% (Probability of exploitation in next 30 days)

Impact

Unauthenticated remote attackers can read, modify, and delete database contents, potentially compromising the entire database.

Mitigation

Update to the latest version of EasyFlow .NET.

Social Media Activity (4 posts)

TheHackerWire
@thehackerwire
Apr 20, 2026

🔓 CVE-2026-5964 - Critical (9.8) EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5964/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

OffSequence
@offseq
Apr 20, 2026

⚠️ CVE-2026-5964: Digiwin EasyFlow .NET (6.1.*, 6.6.*, 8.1.1) has a CRITICAL SQL injection flaw. Unauthenticated attackers can access or alter DB data. Patch status unknown — check the vendor. Deploy WAFs & monitor activity! https://radar.offseq.com/threat/cve-2026-5964-cwe-89-improper-neutralization-of-sp-398bc6f6 #OffSeq #SQLInjection #Infosec

Details

CVE ID: CVE-2026-5964
Severity: Critical
CVSS Score: 9.8
Type: sql_injection
Status: unconfirmed
EPSS: 8.1%
Social Posts: 4

CWE

  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

8.1% (Probability of exploitation in the next 30 days)