Vulnerability in Wakyma Application Web

CVE-2026-3021

Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticated user to alter a GET request to the af…

EPSS: 0.000 (11.8th percentile) — read the EPSS interpretation.

Affected products

Wakyma Application Web — versions all versions

Weakness classification (CWE)

CWE-943 — Improper Neutralization of Special Elements in Data Query Logic

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wakyma-appl… (patch)