What is the CVSS score of CVE-2026-44204?

CVE-2026-44204 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-44204?

Yes, a patch is available for CVE-2026-44204. Update the affected software to the latest version immediately.

Shelf CVE-2026-44204

EUVD-2026-29728 MEDIUM

Improper Input Validation (CWE-20)

2026-05-12 security-advisories@github.com

SQLi

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Patch available

May 12, 2026 - 19:18 EUVD

CVE Published

May 12, 2026 - 18:17 nvd

MEDIUM 6.5

DescriptionNVD

Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user (any role) to execute arbitrary SQL and read data from any table in the database, including data belonging to other organizations. This vulnerability is fixed in 1.20.1.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-44204 vulnerability details – vuln.today

Back

Shelf CVE-2026-44204

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Full analysis requires sign-in

Share

External POC / Exploit Code