CVE-2026-40833

HIGH NVD

CVSS Score 7.1

Severity HIGH

Published May 27, 2026

Vendor unknown

Description

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non critical table. This can result in a total loss of confidentiality and some loss of integrity.

References

https://www.certvde.com/en/advisories/VDE-2026-044/