CVE-2026-2409 | THREATINT

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Delinea Cloud Suite allows Argument Injection.This issue affects Cloud Suite: before 25.2 HF1.

PUBLISHED Reserved 2026-02-12 | Published 2026-02-19 | Updated 2026-02-20 | Assigner Delinea

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status

unaffected

Any version before 25.2 HF1

affected

25.2 HF1 or later

unaffected

Credits

Jess Parker (jparker@calottery.com) finder

Radu Enachi (renachi@calottery.com) finder

References

docs.delinea.com/...suite/release-notes/cloud-suite/25.2.htm

delinea.com/security-advisories

cve.org (CVE-2026-2409)

nvd.nist.gov (CVE-2026-2409)

Download JSON