SQL Injection in Raytha

CVE-2026-12076

Raytha CMS is vulnerable to SQL Injection within the OData filter parsing pipeline.  The vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL statements against the underlying PostgreSQL database, leading to f…

Vulnerability class: SQL Injection

EPSS: 0.004 (34.5th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References