CVE 9.3 CRITICAL

Digiwin｜EasyFlow .NET – SQL Injection_CVE-2026-5963

April 20, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

AI Analysis

SQL Injection vulnerability allowing remote attackers to inject arbitrary SQL commands

Basic Information

ID CVE-2026-5963

Source twcert

Published Apr 20, 2026 at 07:32

Modified Apr 20, 2026 at 07:33

Affected Product

Vendor Digiwin

Product EasyFlow .NET

Version 6.1.*

Affected Versions Digiwin EasyFlow .NET 6.1.*
Digiwin EasyFlow .NET 6.6.*
Digiwin EasyFlow .NET 8.1.1

CWE Classification

CWE-89

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Digiwin

Product EasyFlow .NET

Version 6.1.*, 6.6.*, 8.1.1

References

{
    "lastseen": "",
    "description": "EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.",
    "published": "2026-04-20T07:32:20.443Z",
    "modified": "2026-04-20T07:33:10.714Z",
    "type": "cve",
    "title": "Digiwin\uff5cEasyFlow .NET - SQL Injection",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10831-a734d-1.html\nhttps://www.twcert.org.tw/en/cp-139-10832-05f3a-2.html",
    "id": "CVE-2026-5963",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Digiwin EasyFlow .NET 6.1.*\nDigiwin EasyFlow .NET 6.6.*\nDigiwin EasyFlow .NET 8.1.1",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EasyFlow .NET",
    "version": "6.1.*",
    "vendor": "Digiwin",
    "ai_description": "SQL Injection vulnerability allowing remote attackers to inject arbitrary SQL commands",
    "ai_severity": "Critical",
    "ai_vendor": "Digiwin",
    "ai_product": "EasyFlow .NET",
    "ai_version": "6.1.*, 6.6.*, 8.1.1",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply