Anchore Enterprise CVE-2026-25076
HIGHSeverity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore Enterprise database.
AnalysisAI
CVE-2026-25076 is an SQL injection vulnerability in the GraphQL Reports API of Anchore Enterprise versions before 5.25.1, allowing authenticated attackers to execute arbitrary SQL commands and modify database contents. With a CVSS score of 7.3 and low EPSS score (0.02%), this vulnerability requires authentication and adjacent network access, making it a moderate priority for organizations using Anchore Enterprise in their container security infrastructure.
Technical ContextAI
The vulnerability exists in Anchore Enterprise, a container security and compliance platform that provides vulnerability scanning and policy enforcement for containerized applications. The SQL injection flaw (CWE-89) occurs in the GraphQL Reports API endpoint, where user-supplied input is not properly sanitized before being incorporated into SQL queries. GraphQL APIs are particularly susceptible to injection attacks when field resolvers directly construct SQL queries without proper parameterization. While no specific CPE identifiers were provided in the data, the affected product is Anchore Enterprise versions prior to 5.25.1.
Affected ProductsAI
Anchore Enterprise versions before 5.25.1 are affected. The vulnerability specifically impacts the GraphQL Reports API component within these versions. Organizations should inventory all Anchore Enterprise deployments and identify instances running versions earlier than 5.25.1. The vendor's main platform information is available at https://anchore.com/platform/.
RemediationAI
The primary remediation is to upgrade to Anchore Enterprise version 5.25.1 or later, which contains the fix for this SQL injection vulnerability. Full release notes and upgrade instructions are available at https://docs.anchore.com/current/docs/release_notes/enterprise/5251/. As an interim mitigation, organizations should restrict access to the GraphQL API to only trusted users and ensure proper network segmentation to enforce the adjacent network requirement. Monitor GraphQL API access logs for suspicious query patterns that might indicate exploitation attempts.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today