What is CVE-2026-40529?

CVE-2026-40529 is a medium-severity vulnerability in Kanata Limited Cms Alaya, classified under SQL Injection. CVSS score: 4.7/10. Published 2026-04-23.

How severe is CVE-2026-40529?

Medium severity. CVSS v3 base score is 4.7 out of 10.

SQL Injection in Kanata Limited Cms Alaya

CVE-2026-40529

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface.

Vulnerability class: SQL Injection

EPSS: 0.000 (11.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.7 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L.

Affected products

Kanata Limited Cms Alaya — versions 7.4.1.4 and earlier

Weakness classification (CWE)

CWE-89 — SQL Injection

References

jvn.jp/en/jp/JVN08026319/

Frequently asked questions

What is CVE-2026-40529?: CVE-2026-40529 is a medium-severity vulnerability in Kanata Limited Cms Alaya, classified under SQL Injection. CVSS score: 4.7/10. Published 2026-04-23.
How severe is CVE-2026-40529?: Medium severity. CVSS v3 base score is 4.7 out of 10.