CVE-2026-31952: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in xibosignage xibo-cms
Xibo CMS versions 1. 7 through 4. 4. 0 contain an SQL injection vulnerability in API routes responsible for filtering DataSets. This flaw allows an authenticated user with specific privileges to inject malicious SQL commands via the API filter parameter, potentially leading to unauthorized data access and modification. The vulnerability is fixed in version 4. 4. 1. Customers hosting CMS with Xibo Signage have been patched for supported versions. Upgrading to version 4.
AI Analysis
Technical Summary
CVE-2026-31952 is an SQL injection vulnerability (CWE-89) in the Xibo CMS platform affecting versions from 1.7 up to but not including 4.4.1. The vulnerability exists in API routes that handle filtering of DataSets, allowing authenticated users with either 'Access to DataSet Feature' or 'Access to the Layout Feature' privileges to inject specially crafted values into the API filter parameter. This injection can be used to obtain and modify arbitrary data within the Xibo database. The issue is resolved in version 4.4.1, and patches are also available for older unsupported versions (3.3, 2.3, 1.8). Customers using the hosted CMS service have been patched for supported versions.
Potential Impact
An authenticated user with certain privileges can exploit this vulnerability to perform SQL injection attacks, leading to unauthorized disclosure and modification of data in the Xibo CMS database. The CVSS score of 7.6 (high severity) reflects the network attack vector with low attack complexity but requiring privileges. The impact includes high confidentiality loss, limited integrity loss, and limited availability loss.
Mitigation Recommendations
Upgrade affected Xibo CMS instances to version 4.4.1 or later, which contains the official fix for this vulnerability. For users on older unsupported versions (3.3, 2.3, 1.8), apply the available patches provided by the vendor. Customers using the Xibo Signage hosted CMS service have already been patched by the vendor. No other mitigation steps are indicated beyond upgrading or patching.
CVE-2026-31952: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in xibosignage xibo-cms
Description
Xibo CMS versions 1. 7 through 4. 4. 0 contain an SQL injection vulnerability in API routes responsible for filtering DataSets. This flaw allows an authenticated user with specific privileges to inject malicious SQL commands via the API filter parameter, potentially leading to unauthorized data access and modification. The vulnerability is fixed in version 4. 4. 1. Customers hosting CMS with Xibo Signage have been patched for supported versions. Upgrading to version 4.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-31952 is an SQL injection vulnerability (CWE-89) in the Xibo CMS platform affecting versions from 1.7 up to but not including 4.4.1. The vulnerability exists in API routes that handle filtering of DataSets, allowing authenticated users with either 'Access to DataSet Feature' or 'Access to the Layout Feature' privileges to inject specially crafted values into the API filter parameter. This injection can be used to obtain and modify arbitrary data within the Xibo database. The issue is resolved in version 4.4.1, and patches are also available for older unsupported versions (3.3, 2.3, 1.8). Customers using the hosted CMS service have been patched for supported versions.
Potential Impact
An authenticated user with certain privileges can exploit this vulnerability to perform SQL injection attacks, leading to unauthorized disclosure and modification of data in the Xibo CMS database. The CVSS score of 7.6 (high severity) reflects the network attack vector with low attack complexity but requiring privileges. The impact includes high confidentiality loss, limited integrity loss, and limited availability loss.
Mitigation Recommendations
Upgrade affected Xibo CMS instances to version 4.4.1 or later, which contains the official fix for this vulnerability. For users on older unsupported versions (3.3, 2.3, 1.8), apply the available patches provided by the vendor. Customers using the Xibo Signage hosted CMS service have already been patched by the vendor. No other mitigation steps are indicated beyond upgrading or patching.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-10T15:10:10.657Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69eab7a187115cfb68850e1f
Added to database: 4/24/2026, 12:21:53 AM
Last enriched: 4/24/2026, 12:36:29 AM
Last updated: 4/24/2026, 7:07:50 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.