CVE-2026-6093 | THREATINT

Description

Corteza contains a SQL injection vulnerability in its Microsoft SQL Server (MSSQL) backend when filtering Compose records by the meta field.This issue affects corteza: 2024.9.8.

PUBLISHED Reserved 2026-04-10 | Published 2026-05-11 | Updated 2026-05-11 | Assigner Fluid Attacks

MEDIUM: 6.0CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status

unaffected

2024.9.8

affected

Credits

Fluid Attacks' AI SAST Scanner finder

Oscar Uribe finder

References

fluidattacks.com/es/advisories/motley exploit

fluidattacks.com/es/advisories/motley third-party-advisory

github.com/cortezaproject/corteza product

cve.org (CVE-2026-6093)

nvd.nist.gov (CVE-2026-6093)

Download JSON