CVE-2026-25947
Last modified
CVE-2026-25947 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocation and scheduling features. EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocation and scheduling features. The vulnerability has been patched in version v2.1.7.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Worklenz | Worklenz | < 2.1.7 |
References
- https://github.com/Worklenz/worklenz/releases/tag/v2.1.7Product, Release Notes
- https://github.com/Worklenz/worklenz/security/advisories/GHSA-f2f8-2ppj-85pfExploit, Mitigation, Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-25947?
How severe is CVE-2026-25947?
How do I fix CVE-2026-25947?
Are you affected by CVE-2026-25947?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST