Mac Sql EUVD-2026-19119

CVE-2026-5587 · LOW
SQL Injection (CWE-89)
2026-04-05 · VulDB
CVSS 4.0: 2.1 (NVD)

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: X

Lifecycle Timeline (6 events)

  • Apr 29, 2026 - 01:11 (NVD): Severity changed, MEDIUM to LOW
  • Apr 29, 2026 - 01:11 (NVD): CVSS changed, 5.3 (MEDIUM) to 2.1 (LOW)
  • Apr 07, 2026 - 13:20 (vuln.today): PoC detected, public exploit code
  • Apr 05, 2026 - 18:30 (euvd): EUVD ID assigned, EUVD-2026-19119
  • Apr 05, 2026 - 18:30 (vuln.today): Analysis generated
  • Apr 05, 2026 - 18:15 (nvd): CVE published, MEDIUM 5.3

Description (CVE.org)

A vulnerability was identified in wbbeyourself MAC-SQL up to 31a9df5e0d520be4769be57a4b9022e5e34a14f4. This affects the function _execute_sql of the file core/agents.py of the component Refiner Agent. The manipulation leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis (AI)

SQL injection in wbbeyourself MAC-SQL via the _execute_sql function in core/agents.py (Refiner Agent component) allows authenticated remote attackers to execute arbitrary SQL queries, potentially compromising data confidentiality, integrity, and availability. The vulnerability affects all versions up to commit 31a9df5e0d520be4769be57a4b9022e5e34a14f4, with publicly available exploit code and CVSS 6.3 (medium severity). …

Vulnerability Assessment (AI)

Risk Assessment: The CVSS score of 6.3 reflects medium severity, but multiple signals warrant attention: the vulnerability is publicly exploitable (POC available per VulDB and GitHub), requires only low-level authentication (PR:L), has low attack complexity (AC:L), and can be exploited over the network (AV:N). …

Exploit Scenario: An authenticated user with low-level privileges on a wbbeyourself MAC-SQL instance could inject malicious SQL code through the Refiner Agent's _execute_sql function to extract sensitive data, modify records, or execute unintended database operations. Since attack complexity is low (AC:L) and user interaction is not required (UI:N), exploitation is straightforward for any user with valid credentials. …

Remediation: Users of wbbeyourself MAC-SQL should immediately patch by updating to a version beyond commit 31a9df5e0d520be4769be57a4b9022e5e34a14f4. …
