CVE-2026-54813 describes an improper neutralization of special elements used in an SQL command (SQL Injection) vulnerability in Brainstorm Force SureDash. This vulnerability allows blind SQL injection attacks, enabling an attacker with network access and low privileges to execute unauthorized SQL queries remotely. The vulnerability affects SureDash versions up to 1.8.0. The CVSS 3.1 base score is 8.5, reflecting high severity with network attack vector, low attack complexity, low privileges required, no user interaction, scope change, high confidentiality impact, no integrity impact, and low availability impact. No vendor advisory or patch information is available, and no known exploits in the wild have been reported.

An attacker with low privileges can exploit this vulnerability remotely over the network to perform blind SQL injection attacks. This can lead to unauthorized disclosure of sensitive information (high confidentiality impact) and limited disruption of service (low availability impact). The integrity of the database is not impacted according to the CVSS vector. The scope is changed, indicating that the vulnerability affects components beyond the initially vulnerable component.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider restricting network access to the affected SureDash installation and monitor for unusual database queries. Avoid exposing the vulnerable application to untrusted networks. Do not rely on generic mitigations unless specifically recommended by the vendor.