High severity8.8NVD Advisory· Published Apr 8, 2026· Updated Apr 17, 2026
CVE-2026-24913
CVE-2026-24913
Description
SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, information stored in the database may be obtained or altered by a user who can log in to the product.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:icz:matcha_invoice:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:icz:matcha_invoice:*:*:*:*:*:*:*:*range: <=2.6.6
- (no CPE)range: <=2.6.6
Patches
Vulnerability mechanics
References
2- jvn.jp/en/jp/JVN33581068/nvdThird Party Advisory
- oss.icz.co.jp/news/nvdVendor Advisory
News mentions
0No linked articles in our index yet.