CVE-2025-26086
Last modified
CVE-2025-26086 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction of sensitive database contents without authentication.. EPSS estimates a 10.97% chance of exploitation in the next 30 days.
Description
An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction of sensitive database contents without authentication.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rsiqueue | Management System | 3.0 |
References
- https://seclists.org/fulldisclosure/2025/May/21Mailing List
- http://seclists.org/fulldisclosure/2025/May/21Mailing List
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-26086?
How severe is CVE-2025-26086?
How do I fix CVE-2025-26086?
Are you affected by CVE-2025-26086?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST