HIGHCVE-2026-6888Published 2026-05-13Modified 2026-05-13CNA CSA

CVE-2026-6888: SQL Injection Vulnerability

Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database.

CVSS v3.1: 7.2
Severity: HIGH
Fixed in: —
Affected Products: 8

Affected packages

Advantech / SaaS Composer
prior to version 3.4.17
Advantech / IoTSuite Growth Linux docker
prior to version 2.2.0
Advantech / IoTSuite Starter Linux docker
prior to version 2.2.0
Advantech / IoT Edge Linux docker
prior to version 2.2.0
Advantech / IoT Edge Windows
prior to version 2.2.0
Advantech / WebAccess/SCADA
prior to version 9.2.3
Advantech / WebAccess SaaS-Composer
prior to version 3.4.17.1
Advantech / ECOWatch SaaS-Composer
prior to version 3.4.17

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References

csa.gov.sg

Metrics