CVE-2026-2094
Description
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated remote attackers can inject arbitrary SQL commands into Docpedia 3.0, reading, modifying, and deleting database contents.
Root
Cause CVE-2026-2094 is a SQL Injection vulnerability in Docpedia 3.0, a product developed by Flowring. The flaw allows authenticated remote attackers to inject arbitrary SQL commands into database queries, compromising the confidentiality, integrity, and availability of stored data [1][2].
Attack
Vector An attacker must first authenticate to the Docpedia application. No special privileges beyond a valid user account are required. The vulnerability is exploitable over the network, and the attack complexity is low [1][2].
Impact
Successful exploitation enables the attacker to read, modify, and delete database contents. Given the CVSS v3.1 score of 8.8 (High), the impact on confidentiality, integrity, and availability is rated as high [1][2].
Mitigation
The vendor has released a patch, identified as DP4 HotFix_057, which should be applied to affected installations of Docpedia 3.0 [1][2].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.