What is the CVSS score of CVE-2026-46622?

CVE-2026-46622 has a CVSS 3.1 base score of 8.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of SolidInvoice are affected by CVE-2026-46622?

SolidInvoice versions prior to 2.3.17 store API authentication tokens in plaintext within the application database, creating a high-risk path to account compromise if database access is breached.. A patch is available.

How to fix or mitigate CVE-2026-46622?

Within 24 hours: Inventory all SolidInvoice deployments and verify versions; assess database access controls and network segmentation. Within 7 days: Upgrade all affected instances to version 2.3.17 (commit 8645391) and rotate all API tokens after upgrade completes. Within 30 days: Confirm patching completion across the entire environment; audit database access logs for unauthorized activity; validate that token hashing is active in production.

SolidInvoice CVE-2026-46622

EUVD-2026-36301 HIGH

Cleartext Storage of Sensitive Information (CWE-312)

2026-06-11 GitHub_M

SQLi Solidinvoice

8.1

CVSS 3.1 · Vendor: GitHub_M

Severity by source

Vendor (GitHub_M) PRIMARY

8.1 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

vuln.today AI

6.5 MEDIUM

Exploitation presupposes attacker-controlled database read access (modeled as PR:H), after which token reuse over the network is trivial (AV:N/AC:L) with full read/write API impact and no availability effect.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Patch available

Jun 11, 2026 - 21:02 EUVD

Source Code Evidence Fetched

Jun 11, 2026 - 20:22 vuln.today

Analysis Generated

Jun 11, 2026 - 20:22 vuln.today

DescriptionCVE.org

SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the api_tokens database table. Any attacker who obtains read access to the database - through SQL injection, a leaked backup, a misconfigured replica, or insider access - immediately obtains all API credentials for every user with no further effort. This issue has been patched in version 2.3.17.

AnalysisAI

Plaintext credential exposure in SolidInvoice open-source invoicing platform prior to 2.3.17 allows any actor with read access to the application database to harvest every user's REST API token directly from the api_tokens table. Because tokens are stored unhashed, secondary exposures such as SQL injection, stolen backups, replicated databases, or insider access become full account-takeover paths against the API. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Obtain DB read access (SQLi/backup/replica)

Delivery

Dump api_tokens table

Exploit

Extract plaintext tokens

Execution

Authenticate to REST API as victim users

Impact

Read or modify invoicing data

Access

Obtain DB read access (SQLi/backup/replica)

Delivery

Dump api_tokens table

Exploit

Extract plaintext tokens

Execution

Authenticate to REST API as victim users

Impact

Read or modify invoicing data

Vulnerability AssessmentAI

Exploitation	The attacker must first obtain read access to the api_tokens table of the SolidInvoice database - via a separate SQL injection in SolidInvoice or a co-hosted app, an exposed or stolen database backup, a misconfigured replica, or insider database access. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/C:H/I:H/A:N, 8.1) reflects that the vulnerability itself is realized only after a separate compromise grants database read - PR:L is essentially a stand-in for that prior access rather than an application-level role. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker exploits an unrelated SQL injection in another component, dumps the api_tokens table, and immediately replays the plaintext values against SolidInvoice's REST API as any user - bypassing password and MFA. Equivalent outcomes follow from obtaining a recent database backup left on shared storage or accessing a misconfigured read replica. …
Remediation	Vendor-released patch: upgrade SolidInvoice to 2.3.17 or later (https://github.com/SolidInvoice/SolidInvoice/releases/tag/2.3.17), which ships the Version20317 migration that re-hashes existing rows in place so issued tokens keep working. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all SolidInvoice deployments and verify versions; assess database access controls and network segmentation. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-46489 HIGH This Week

8.1 Jun 11

Stored cross-site scripting in SolidInvoice prior to 2.3.17 allows an authenticated administrator to upload a malicious

CVE-2026-46622 vulnerability details – vuln.today

Back