What is CVE-2026-6629?

CVE-2026-6629 is a high-severity vulnerability in Metasoft 美特软件 Metacrm, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 7.3/10. Published 2026-04-20.

How severe is CVE-2026-6629?

High severity. CVSS v3 base score is 7.3 out of 10.

SQL Injection in Metasoft 美特软件 Metacrm

CVE-2026-6629

A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation of the argument sql leads to sql injecti…

EPSS: 0.000 (12.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L.

Affected products

Metasoft 美特软件 Metacrm — versions 6.0, 6.1, 6.2

Weakness classification (CWE)

References

VDB-358263 | Metasoft 美特软件 MetaCRM Interface sql.jsp Statement.executeUpdate sql injection (technical-description, vdb-entry)
VDB-358263 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #792615 | Beijing Meite Software Technology Co., Ltd. MetaCRM6 <6.4.0 SQL Injection (third-party-advisory)
cna@vuldb.com (exploit)

Frequently asked questions

What is CVE-2026-6629?: CVE-2026-6629 is a high-severity vulnerability in Metasoft 美特软件 Metacrm, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 7.3/10. Published 2026-04-20.
How severe is CVE-2026-6629?: High severity. CVSS v3 base score is 7.3 out of 10.