Which versions of Sunnet CTMS are affected by CVE-2026-7489?

Sunnet CTMS contains a high-severity SQL injection vulnerability (CVSS 8.7) that allows low-privileged authenticated users to execute arbitrary database commands, potentially exposing sensitive data…

Sunnet CTMS CVE-2026-7489

Q: What is the CVSS score of CVE-2026-7489?

CVE-2026-7489 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-26769 HIGH

SQL Injection (CWE-89)

2026-05-02 twcert

SQLi

8.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

May 02, 2026 - 10:29 vuln.today

v2 (cvss_changed)

Re-analysis Queued

May 02, 2026 - 10:22 vuln.today

cvss_changed

CVSS changed

May 02, 2026 - 10:22 NVD

8.8 (HIGH) 8.7 (HIGH)

Analysis Generated

May 02, 2026 - 10:00 vuln.today

EUVD ID Assigned

May 02, 2026 - 09:30 euvd

EUVD-2026-26769

Analysis Generated

May 02, 2026 - 09:30 vuln.today

CVE Published

May 02, 2026 - 09:02 nvd

HIGH 8.7

DescriptionNVD

CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

AnalysisAI

SQL injection in Sunnet CTMS allows authenticated remote attackers with low privileges to execute arbitrary SQL commands over the network. The vulnerability enables complete compromise of database integrity - reading sensitive data, modifying records, and deleting information. …

RemediationAI

Within 24 hours: Identify all Sunnet CTMS instances in your environment and document current versions; restrict network access to the application to essential users only and enable detailed logging of all database queries. Within 7 days: Implement database activity monitoring (DAM) to detect anomalous SQL patterns; review access logs for unauthorized queries since deployment. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7489 vulnerability details – vuln.today

Back

Sunnet CTMS CVE-2026-7489

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Sunnet CTMS CVE-2026-7489

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code