CVE-2026-40817

HIGH

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

CVSS v3.1 Score

7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Complexity
LOW
Privileges
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE
Published: 5/27/2026Modified: 5/27/2026

Related Intelligence (1)

HIGHVulnerability

NVD HIGH: CVE-2026-40817 — An unauthenticated remote attacker can exploit an unauthenticated SQL Injection ...

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

CVE-2026-40817
NIST NVD

References (1)

https://www.certvde.com/en/advisories/VDE-2026-044/