CRITICAL | CVE-2026-53690 | CNA: CERT-PL

CVE-2026-53690: SQL Injection in Redeight CMS

An SQL Injection vulnerability exists in Redeight CMS version 1.0 via the "userEmail" parameter in the POST "/admin/index.php" login endpoint. The application fails to sanitize user input and directly interpolates it into SQL queries without using prepared statements, which allows unauthenticated remote attackers to execute arbitrary SQL commands and extract sensitive database information.

Metrics

CVSS v4.0: 9.3
Severity: CRITICAL
Fixed in: none published
Affected Products: 1


HarborGuard Analysis

Synopsis

An SQL injection vulnerability exists in Redeight CMS version 1.0, affecting the login endpoint's userEmail parameter. The flaw is reachable over the network with no authentication required, as derived from the CVSS v4.0 vector (AV:N, PR:N, UI:N). Successful exploitation allows a remote attacker to execute arbitrary SQL commands against the underlying database, extracting or tampering with stored data. No fix version has been published; HarborGuard tracks this advisory and will make a patched rebuild available as soon as the upstream maintainer ships one.

HarborGuard Coverage

Detection

Detection of CVE-2026-53690 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream feeds including CERT-PL, covering both third-party and custom-built images that include Redeight CMS 1.0. Any image layer or package manifest that resolves to the affected version is flagged automatically.

Status: Available
Triage

HarborGuard is capable of scoring this finding at CVSS v4.0 9.3 (Critical) and weighting it against each customer org's compliance policy to determine escalation priority. Routing to the appropriate team inbox within each customer environment is available based on image ownership and policy configuration.

Status: Available
Patch

Because no fix version has been published by the Redeight maintainer, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment an upstream fix is released. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will be triggered automatically at that point.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The vulnerable endpoint is exposed over the network; an attacker must be able to reach the target host via HTTP to send a crafted POST request to /admin/index.php.

  • Authentication: Not required

    The injection point is the login form itself, so no account or session token is needed before the attacker can send a malicious payload.

  • Victim interaction: Not required

    The attack is fully server-side; no user needs to click a link, open a file, or take any action for exploitation to succeed.

  • Attack complexity: Low

    Attack complexity is low, meaning the exploit is reliable and requires no special timing, race conditions, or environmental preconditions beyond network access to the login endpoint.

Blast Radius

  • A successful attacker can read arbitrary rows from the database, including stored credentials, session tokens, and any personal or customer data the application persists.
  • The attacker can modify or delete persisted database records, altering application state, user accounts, or content managed by the CMS.
  • Database availability impact is rated low, meaning query disruption or partial denial of database service is possible but not the primary risk.

How HarborGuard Handles This

Available on HarborGuard: this CVE is ingested from the CERT-PL feed and matched against all customer images carrying Redeight CMS 1.0 within minutes of publication. Because no upstream fix exists yet, HarborGuard monitors the advisory on every ingest cycle and will surface a patched-image rebuild the moment a fixed version is released; for customers with auto-remediation enabled, that triggers an immediate rebuild, regression test run, and PR against affected workloads without manual intervention. In the interim, compensating controls worth considering include network-policy rules that restrict access to the /admin/ path to trusted source IPs only, web application firewall rules that block SQL metacharacters in POST body parameters, and disabling the admin login endpoint entirely if it is not required to be internet-facing. These mitigations reduce exposure but do not eliminate the underlying flaw, so monitoring for the upstream patch remains the primary recommended action.
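The description traces the flaw to userEmail being interpolated into SQL text instead of being bound through a prepared statement, which is the part the compensating controls do not change. As an added example (not Redeight CMS code and not HarborGuard's; the users table, its columns and the function names are assumptions), the following PHP/PDO code contrasts the two patterns against a constructed in-memory SQLite database:

```php
<?php
declare(strict_types=1);
// Added illustration, not Redeight CMS source. The table, columns and function
// names are hypothetical; only the "userEmail" field name is from the advisory.

function demoDb(): PDO {
    // Constructed in-memory database so the example runs offline.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, pw_hash TEXT)');
    $ins = $db->prepare('INSERT INTO users (email, pw_hash) VALUES (?, ?)');
    $ins->execute(['admin@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Vulnerable pattern the advisory describes: input becomes part of the SQL text.
function buildQueryInterpolated(string $userEmail): string {
    return "SELECT id, pw_hash FROM users WHERE email = '$userEmail'";
}

// Hardened pattern: fixed SQL text, value bound as data, password checked in PHP.
function loginPrepared(PDO $db, string $userEmail, string $password): ?int {
    if (strlen($userEmail) > 254 || filter_var($userEmail, FILTER_VALIDATE_EMAIL) === false) {
        return null; // reject malformed input early (defence in depth, not the fix)
    }
    $stmt = $db->prepare('SELECT id, pw_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $userEmail]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

$db = demoDb();
$input = "o'brien@example.test"; // constructed input containing a quote character
// With interpolation the quote ends the string literal early, so the rest of
// the input is parsed as SQL instead of being compared as data.
echo buildQueryInterpolated($input), PHP_EOL;
var_dump(loginPrepared($db, 'admin@example.test', 'correct horse')); // valid login
var_dump(loginPrepared($db, $input, 'x')); // quote stays data: no match, no SQL error
```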

Affected packages
  • Redeight / Redeight CMS
    1.0
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N