Skip to main content

Mobilmen 20T

2 CVEs product

Monthly

CVE-2026-2397 CRITICAL Act Now

SQL injection in Adam Retail Automation's MobilMen 20T retail-automation software (versions v3 through build 10072026) lets remote attackers inject arbitrary SQL through improperly neutralized input, yielding full read/write access to the backing database. Rated CVSS 9.8 by TR-CERT with an unauthenticated network-reachable vector, though no public exploit has been identified and it is not on CISA KEV. The vendor was contacted but did not respond, so no fix is available.

SQLi Mobilmen 20T
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-2398 HIGH This Week

Privilege escalation in Adam Retail Automation's MobilMen 20T (versions v3 through build 10072026) lets an authenticated low-privileged user manipulate a user-controlled key (CWE-639) to access resources or actions belonging to other, higher-privileged accounts. The flaw carries CVSS 8.8 and was reported by Turkey's national CERT (TR-CERT), but no public exploit identified at time of analysis and it is not in CISA KEV. The vendor was contacted but did not respond, so no coordinated fix is confirmed.

Authentication Bypass Privilege Escalation Mobilmen 20T
NVD
CVSS 3.1
8.8
EPSS
0.2%
EPSS 0% CVSS 9.8
CRITICAL Act Now

SQL injection in Adam Retail Automation's MobilMen 20T retail-automation software (versions v3 through build 10072026) lets remote attackers inject arbitrary SQL through improperly neutralized input, yielding full read/write access to the backing database. Rated CVSS 9.8 by TR-CERT with an unauthenticated network-reachable vector, though no public exploit has been identified and it is not on CISA KEV. The vendor was contacted but did not respond, so no fix is available.

SQLi Mobilmen 20T
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Privilege escalation in Adam Retail Automation's MobilMen 20T (versions v3 through build 10072026) lets an authenticated low-privileged user manipulate a user-controlled key (CWE-639) to access resources or actions belonging to other, higher-privileged accounts. The flaw carries CVSS 8.8 and was reported by Turkey's national CERT (TR-CERT), but no public exploit identified at time of analysis and it is not in CISA KEV. The vendor was contacted but did not respond, so no coordinated fix is confirmed.

Authentication Bypass Privilege Escalation Mobilmen 20T
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy