What is CVE-2026-25076?

CVE-2026-25076 is a high-severity vulnerability in Anchore Enterprise, classified under SQL Injection. CVSS score: 7.3/10. Published 2026-03-12.

How severe is CVE-2026-25076?

High severity. CVSS v3 base score is 7.3 out of 10.

SQL Injection in Anchore Enterprise

CVE-2026-25076

Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modificatio…

Vulnerability class: SQL Injection

EPSS: 0.000 (11.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Anchore Enterprise — versions 0

Weakness classification (CWE)

CWE-89 — SQL Injection

References

Anchore Enterprise Release Notes - Version 5.25.1 (release-notes, patch)
anchore.com/platform/ (product)
VulnCheck Advisory: Anchore Enterprise GraphQL Reports API SQL injection (third-party-advisory)

Frequently asked questions

What is CVE-2026-25076?: CVE-2026-25076 is a high-severity vulnerability in Anchore Enterprise, classified under SQL Injection. CVSS score: 7.3/10. Published 2026-03-12.
How severe is CVE-2026-25076?: High severity. CVSS v3 base score is 7.3 out of 10.