Skip to main content

Nelio Software Nelio AB Testing CVE-2026-25378

HIGH
SQL Injection (CWE-89)
2026-02-19 audit@patchstack.com
7.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.6 HIGH
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:03 vuln.today
CVE Published
Feb 19, 2026 - 09:16 nvd
HIGH 7.6

DescriptionCVE.org

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nelio AB Testing: from n/a through <= 8.2.4.

AnalysisAI

Blind SQL injection in Nelio AB Testing plugin version 8.2.4 and earlier enables authenticated attackers with high privileges to execute arbitrary SQL queries against the database. An attacker with administrative access could exploit this vulnerability to extract sensitive data or manipulate database contents, though availability impact is limited. No patch is currently available.

Technical ContextAI

Classified as CWE-89 (SQL Injection). Affects Nelio Software Nelio AB Testing nelio-ab-testing. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nelio AB Testing: from n/a through <= 8.2.4.

Affected ProductsAI

Product: Nelio Software Nelio AB Testing nelio-ab-testing.

RemediationAI

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.

Share

CVE-2026-25378 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy