What is CVE-2026-49491?

CVE-2026-49491 is a high-severity vulnerability in Pixastudio Pixa Bank, classified under SQL Injection. CVSS score: 8.2/10. Published 2026-06-01.

How severe is CVE-2026-49491?

High severity. CVSS v3 base score is 8.2 out of 10.

SQL Injection in Pixastudio Pixa Bank

CVE-2026-49491

Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNI…

Vulnerability class: SQL Injection

EPSS: 0.001 (20.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N.

Affected products

Pixastudio Pixa Bank — versions 2.0

Weakness classification (CWE)

CWE-89 — SQL Injection

References

disclosure@vulncheck.com (exploit)
disclosure@vulncheck.com (product)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2026-49491?: CVE-2026-49491 is a high-severity vulnerability in Pixastudio Pixa Bank, classified under SQL Injection. CVSS score: 8.2/10. Published 2026-06-01.
How severe is CVE-2026-49491?: High severity. CVSS v3 base score is 8.2 out of 10.