CVE-2026-21856 is a time-based blind SQL injection vulnerability identified in the-hideout's tarkov-data-manager, a tool used to manage item data for the game Escape from Tarkov. The flaw exists in the webhook edit and scanner API endpoints, which improperly neutralize special elements in SQL commands, allowing an authenticated attacker with high privileges to inject arbitrary SQL queries into the MySQL backend. This vulnerability is classified under CWE-89, indicating improper input sanitization leading to SQL injection. The injection is time-based blind, meaning attackers can infer data by measuring response delays, which can be exploited to extract sensitive information or manipulate the database. The vulnerability affects all versions up to 2.0.0 and was fixed in a specific commit (9bdb3a75a98a7047b6d70144eb1da1655d6992a8). The CVSS v3.1 score is 7.2, reflecting high severity due to network attack vector, low attack complexity, required high privileges, no user interaction, and full impact on confidentiality, integrity, and availability. Although no known exploits are currently in the wild, the vulnerability poses a significant risk to organizations using this software, especially if the API endpoints are exposed or if attackers can gain authenticated access.

For European organizations using the-hideout's tarkov-data-manager, this vulnerability could lead to severe consequences including unauthorized data disclosure, data manipulation, and potential service disruption. Since the vulnerability allows execution of arbitrary SQL commands, attackers could exfiltrate sensitive data, corrupt or delete records, or escalate privileges within the database environment. This could impact gaming companies, data analytics firms, or any service providers managing Tarkov item data, potentially leading to loss of intellectual property, customer trust, and regulatory penalties under GDPR if personal data is involved. The requirement for authenticated access limits exposure but does not eliminate risk, especially if credential compromise occurs. Additionally, disruption of data services could affect operational continuity and damage reputations. The vulnerability's exploitation could also serve as a foothold for further attacks within an organization's network.

Organizations should immediately update tarkov-data-manager to versions beyond 2.0.0 that include the patch from commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8. Access to the webhook edit and scanner API endpoints should be restricted using network segmentation, IP whitelisting, and strong authentication mechanisms such as multi-factor authentication. Conduct thorough credential audits to ensure no unauthorized access is possible. Implement Web Application Firewalls (WAFs) with rules to detect and block SQL injection attempts, specifically targeting time-based blind injection patterns. Regularly monitor logs for unusual query patterns or delays indicative of exploitation attempts. Employ least privilege principles for database users to minimize impact if compromise occurs. Finally, conduct security awareness training for administrators managing the tool to recognize and respond to suspicious activities promptly.