CRITICALCVE-2026-2409Published 2026-02-19Modified 2026-02-20CNA Delinea

CVE-2026-2409: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Delinea Cloud Suite allows Argument Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Delinea Cloud Suite allows Argument Injection.This issue affects Cloud Suite: before 25.2 HF1.

CVSS v4.0: 9.3
Severity: CRITICAL
Fixed in: 25.2 HF1
Affected Products: 1

Fix available

25.2 HF125.2 HF1 or later

Affected packages

Delinea / Cloud Suite
< 25.2 HF1 (from 0)
Fixed in 25.2 HF1 or later

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

References

docs.delinea.com
delinea.com

Metrics

Fix available