SQL Injection Vulnerability_CVE-2026-6888

7.2 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to
execute arbitrary commands via a specific interface,
potentially enabling the attacker to access, modify, or delete sensitive
information within the database.

Basic Information

ID CVE-2026-6888

Source CSA

Published May 13, 2026 at 03:16

Affected Product

Vendor Advantech

Product SaaS Composer

Version prior to version 3.4.17

Affected Versions Advantech SaaS Composer prior to version 3.4.17
Advantech IoTSuite Growth Linux docker prior to version 2.2.0
Advantech IoTSuite Starter Linux docker prior to version 2.2.0
Advantech IoT Edge Linux docker prior to version 2.2.0
Advantech IoT Edge Windows prior to version 2.2.0
Advantech WebAccess/SCADA prior to version 9.2.3
Advantech WebAccess SaaS-Composer prior to version 3.4.17.1
Advantech ECOWatch SaaS-Composer prior to version 3.4.17

References

www.csa.gov.sg /alerts-and-advisories/alerts/al-2026-050/

{
    "lastseen": "",
    "description": "Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to\nexecute arbitrary commands via a specific interface,\npotentially enabling the attacker to access, modify, or delete sensitive\ninformation within the database.",
    "published": "2026-05-13T03:16:24.701Z",
    "modified": "2026-05-13T03:16:24.701Z",
    "type": "cve",
    "title": "SQL Injection Vulnerability",
    "source": "CSA",
    "references": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-050/",
    "id": "CVE-2026-6888",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Advantech SaaS Composer prior to version 3.4.17\nAdvantech IoTSuite Growth Linux docker prior to version 2.2.0\nAdvantech IoTSuite Starter Linux docker prior to version 2.2.0\nAdvantech IoT Edge Linux docker prior to version 2.2.0\nAdvantech IoT Edge Windows prior to version 2.2.0\nAdvantech WebAccess/SCADA prior to version 9.2.3\nAdvantech WebAccess SaaS-Composer prior to version 3.4.17.1\nAdvantech ECOWatch SaaS-Composer prior to version 3.4.17",
    "sourceHref": "",
    "cvss": {
        "score": 7.2,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SaaS Composer",
    "version": "prior to version 3.4.17",
    "vendor": "Advantech",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply