Unrated severity · NVD Advisory · Published Aug 2, 2023 · Updated Aug 2, 2024

CVE-2023-26440

Description

The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Attackers with access to a local or restricted network could perform arbitrary SQL queries. We have improved the input check for API calls and filter for potentially malicious content. No publicly available exploits are known.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The cacheservice API in OX App Suite is vulnerable to SQL injection via insufficiently sanitized parameters, allowing attackers with access to a local or restricted network to execute arbitrary SQL queries.

Vulnerability

The cacheservice API in OX App Suite is susceptible to SQL injection due to insufficient sanitization of parameters used when creating new cache groups. Attackers can indirectly inject SQL syntax through API calls, which is later executed. The vulnerability affects versions prior to the fix implemented by the vendor. [1]

Exploitation

An attacker with access to a local or restricted network can craft malicious API requests to the cacheservice endpoint. By injecting SQL syntax into parameters intended for cache group creation, the attacker can trigger arbitrary SQL execution. No user interaction is required beyond network access. [1]

Impact

Successful exploitation allows the attacker to perform arbitrary SQL queries against the underlying database. This can lead to unauthorized disclosure, modification, or deletion of data, potentially compromising the confidentiality, integrity, and availability of the application. [1]

Mitigation

The vendor has improved input validation and filtering for API calls to prevent SQL injection. Users should update to the latest patched version of OX App Suite. No publicly available exploits are known, and no workarounds have been disclosed. [1]

References
  1. Packet Storm

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
