CVE-2026-31952: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in xibosignage xibo-cms
Xibo CMS versions 1. 7 through 4. 4. 0 contain an SQL injection vulnerability in the API routes responsible for filtering DataSets. This flaw allows an authenticated user with specific privileges to inject malicious SQL commands via the API filter parameter, potentially leading to unauthorized data access and modification. The issue is fixed in version 4. 4. 1. Customers hosting CMS with Xibo Signage have been patched for supported versions. Upgrading to version 4.
AI Analysis
Technical Summary
CVE-2026-31952 is an SQL injection vulnerability (CWE-89) in the Xibo CMS API filtering functionality affecting versions 1.7 up to 4.4.0. Authenticated users with either 'Access to DataSet Feature' or 'Access to the Layout Feature' privileges can exploit this by injecting specially crafted input into the API filter parameter, enabling unauthorized reading and modification of database content. The vulnerability is addressed in Xibo CMS version 4.4.1, with patches also available for older supported versions. Xibo Signage customers hosting the CMS have been patched for versions 4.4, 4.3, 3.3, 2.3, and 1.8.
Potential Impact
Successful exploitation allows an authenticated user with limited privileges to perform SQL injection attacks, leading to unauthorized disclosure and modification of data within the Xibo CMS database. The CVSS 3.1 base score is 7.6 (High), reflecting network attack vector, low attack complexity, required privileges, no user interaction, and high confidentiality impact with limited integrity and availability impact.
Mitigation Recommendations
Upgrade Xibo CMS to version 4.4.1 or later to remediate this vulnerability. For customers hosting CMS with Xibo Signage, patches have already been applied for supported versions including 4.4, 4.3, 3.3, 2.3, and 1.8. Applying these official patches or upgrades is necessary to fully mitigate the risk. No other vendor advisories indicate alternative mitigations or that no action is required.
CVE-2026-31952: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in xibosignage xibo-cms
Description
Xibo CMS versions 1. 7 through 4. 4. 0 contain an SQL injection vulnerability in the API routes responsible for filtering DataSets. This flaw allows an authenticated user with specific privileges to inject malicious SQL commands via the API filter parameter, potentially leading to unauthorized data access and modification. The issue is fixed in version 4. 4. 1. Customers hosting CMS with Xibo Signage have been patched for supported versions. Upgrading to version 4.
CVSS v3.1
Score 7.6high
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-31952 is an SQL injection vulnerability (CWE-89) in the Xibo CMS API filtering functionality affecting versions 1.7 up to 4.4.0. Authenticated users with either 'Access to DataSet Feature' or 'Access to the Layout Feature' privileges can exploit this by injecting specially crafted input into the API filter parameter, enabling unauthorized reading and modification of database content. The vulnerability is addressed in Xibo CMS version 4.4.1, with patches also available for older supported versions. Xibo Signage customers hosting the CMS have been patched for versions 4.4, 4.3, 3.3, 2.3, and 1.8.
Potential Impact
Successful exploitation allows an authenticated user with limited privileges to perform SQL injection attacks, leading to unauthorized disclosure and modification of data within the Xibo CMS database. The CVSS 3.1 base score is 7.6 (High), reflecting network attack vector, low attack complexity, required privileges, no user interaction, and high confidentiality impact with limited integrity and availability impact.
Mitigation Recommendations
Upgrade Xibo CMS to version 4.4.1 or later to remediate this vulnerability. For customers hosting CMS with Xibo Signage, patches have already been applied for supported versions including 4.4, 4.3, 3.3, 2.3, and 1.8. Applying these official patches or upgrades is necessary to fully mitigate the risk. No other vendor advisories indicate alternative mitigations or that no action is required.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-10T15:10:10.657Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69eab7a187115cfb68850e1f
Added to database: 4/24/2026, 12:21:53 AM
Last enriched: 5/1/2026, 8:45:56 PM
Last updated: 6/7/2026, 8:27:42 AM
Views: 56
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.