CVE-2026-45779: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in ubccr xdmod
Open XDMoD versions prior to 10. 0. 3 contain a critical SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL commands. This vulnerability can lead to complete compromise of the underlying database. The issue was discovered on August 3, 2023, and patched in version 10. 0. 3 on August 4, 2023. There is currently no evidence of exploitation in the wild. Users should apply the official patch to remediate this vulnerability.
AI Analysis
Technical Summary
CVE-2026-45779 is a critical SQL injection vulnerability (CWE-89) in Open XDMoD prior to version 10.0.3. It allows unauthenticated remote attackers to execute arbitrary SQL statements against the backend database, potentially leading to full database compromise. The vulnerability requires no authentication or user interaction. It was discovered on 2023-08-03 and patched promptly in version 10.0.3 on 2023-08-04. The CVSS 4.0 base score is 9.3, reflecting its critical severity and ease of exploitation.
Potential Impact
Successful exploitation can result in complete compromise of the Open XDMoD database, including unauthorized data access, modification, or deletion. Because no authentication is required, the attack surface is broad, increasing risk to all affected deployments prior to version 10.0.3. No known exploitation in the wild has been reported to date.
Mitigation Recommendations
An official patch fixing this vulnerability was released in Open XDMoD version 10.0.3 on 2023-08-04. Users should upgrade to version 10.0.3 or later to remediate this issue. As a workaround, manual patching is possible. Patch status is confirmed by the vendor advisory. No additional mitigation steps are indicated.
CVE-2026-45779: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in ubccr xdmod
Description
Open XDMoD versions prior to 10. 0. 3 contain a critical SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL commands. This vulnerability can lead to complete compromise of the underlying database. The issue was discovered on August 3, 2023, and patched in version 10. 0. 3 on August 4, 2023. There is currently no evidence of exploitation in the wild. Users should apply the official patch to remediate this vulnerability.
CVSS v4.0
Score 9.3critical
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-45779 is a critical SQL injection vulnerability (CWE-89) in Open XDMoD prior to version 10.0.3. It allows unauthenticated remote attackers to execute arbitrary SQL statements against the backend database, potentially leading to full database compromise. The vulnerability requires no authentication or user interaction. It was discovered on 2023-08-03 and patched promptly in version 10.0.3 on 2023-08-04. The CVSS 4.0 base score is 9.3, reflecting its critical severity and ease of exploitation.
Potential Impact
Successful exploitation can result in complete compromise of the Open XDMoD database, including unauthorized data access, modification, or deletion. Because no authentication is required, the attack surface is broad, increasing risk to all affected deployments prior to version 10.0.3. No known exploitation in the wild has been reported to date.
Mitigation Recommendations
An official patch fixing this vulnerability was released in Open XDMoD version 10.0.3 on 2023-08-04. Users should upgrade to version 10.0.3 or later to remediate this issue. As a workaround, manual patching is possible. Patch status is confirmed by the vendor advisory. No additional mitigation steps are indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-13T07:45:21.251Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a232f27e29bf47b50baaf07
Added to database: 6/5/2026, 8:18:47 PM
Last enriched: 6/5/2026, 8:33:28 PM
Last updated: 6/5/2026, 9:22:12 PM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.