SQL Injection in Umami Software Application
CVE-2026-4317
SQL injection (SQLi) vulnerability in the Umami Software web application through an improperly sanitized parameter, which could allow an authenticated attacker to execute arbitrary SQL commands in the database. Specifically, they could manipula…
Vulnerability class: SQL Injection
EPSS: 0.000 (5.7th percentile)
Affected products
- Umami Software Application — version 3.0.2
Weakness classification (CWE)
References
- cve-coordination@incibe.es (patch)