SQL Injection in Worklenz

CVE-2026-25947

Worklenz is a project management tool. Prior to 2.1.7, multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpo…

Vulnerability class: SQL Injection

EPSS: 0.004 (27.3rd percentile).

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Frequently asked questions

What is CVE-2026-25947?
CVE-2026-25947 is a high-severity vulnerability in Worklenz, classified under SQL Injection. CVSS score: 8.8/10. Published 2026-02-10.
How severe is CVE-2026-25947?
High severity. CVSS v3 base score is 8.8 out of 10.