CVE-2026-25076
Description
Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore Enterprise database.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Anchore Enterprise before 5.25.1 has an SQL injection in the GraphQL Reports API, allowing authenticated attackers to modify the database.
Vulnerability
Analysis
CVE-2026-25076 is an SQL injection vulnerability in the GraphQL Reports API of Anchore Enterprise versions prior to 5.25.1 [2]. The root cause is improper sanitization of user-supplied input within the GraphQL Reports API, allowing crafted queries to inject arbitrary SQL commands [3].
Exploitation
An attacker must be authenticated and able to access the Anchore Enterprise GraphQL API [3]. The vulnerability is in the Reports API, which suggests the attack vector is through network access to the affected service. The attacker does not need special privileges beyond standard API access. Exploitation involves sending maliciously crafted GraphQL queries that, when processed, lead to SQL injection [3].
Impact
Successful exploitation enables an authenticated attacker to execute arbitrary SQL commands on the Anchore Enterprise database [2][3]. This can lead to unauthorized modification of data stored in the database, such as altering vulnerability results, compliance data, or potentially impacting system configuration [1]. The vulnerability does not require the attacker to be on the same network (AV:A in CVSS), but the CVSS vector indicates high impact to confidentiality and integrity [3].
Mitigation
The vulnerability is fixed in Anchore Enterprise version 5.25.1 [2]. Users should upgrade to this version or later. No workarounds are mentioned in the references. The issue was reported by Andrew Van Fleteren [2][3].
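The root cause named in the analysis above (user-supplied input reaching the SQL text unsanitized) and the defensive shape a fix takes can be shown with a small example. The following is an added illustration, not Anchore Enterprise code and not derived from the patched release: a hypothetical GraphQL "reports" resolver over an in-memory SQLite table with constructed sample rows. The function names, table layout and the `owner`/`sort_by` arguments are assumptions made for the example. The unsafe variant splices the argument into the query string, so even a legitimate value containing a quote is parsed as SQL; the hardened variant binds values with placeholders and restricts the one thing placeholders cannot cover (a column identifier) to an allowlist.

```python
import sqlite3

# Constructed sample data standing in for a reports table; this whole
# module is an illustrative resolver, not Anchore Enterprise code.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE reports (id INTEGER PRIMARY KEY, name TEXT, owner TEXT, created TEXT)"
    )
    conn.executemany(
        "INSERT INTO reports (name, owner, created) VALUES (?, ?, ?)",
        [
            ("weekly-vulns", "alice", "2026-01-05"),
            ("policy-audit", "bob", "2026-01-07"),
            ("o'neil-export", "alice", "2026-01-09"),
        ],
    )
    return conn


# Vulnerable pattern (hypothetical): GraphQL arguments are interpolated
# straight into the SQL text, so their content becomes SQL syntax.
def resolve_reports_unsafe(conn, owner: str, sort_by: str = "created"):
    sql = f"SELECT name FROM reports WHERE owner = '{owner}' ORDER BY {sort_by}"
    return [row[0] for row in conn.execute(sql)]


# Column names cannot be bound as parameters, so identifiers coming from
# the client are checked against a fixed allowlist instead.
ALLOWED_SORT = {"name", "created"}


# Hardened pattern: values are bound with placeholders, identifiers are
# allowlisted. The argument is always treated as data, never as SQL.
def resolve_reports_safe(conn, owner: str, sort_by: str = "created"):
    if sort_by not in ALLOWED_SORT:
        raise ValueError(f"unsupported sort field: {sort_by!r}")
    sql = f"SELECT name FROM reports WHERE owner = ? ORDER BY {sort_by}"
    return [row[0] for row in conn.execute(sql, (owner,))]


def demo() -> dict:
    conn = make_db()
    results = {}
    results["safe_alice"] = resolve_reports_safe(conn, "alice")

    # A legitimate value containing an apostrophe: in the unsafe variant it
    # reaches the SQL parser and breaks the statement, which is the same
    # property an injection relies on.
    try:
        resolve_reports_unsafe(conn, "o'neil")
        results["unsafe_quote"] = "ok"
    except sqlite3.OperationalError:
        results["unsafe_quote"] = "sql-error"

    # The same value bound as a parameter is simply a string that matches nothing.
    results["safe_quote"] = resolve_reports_safe(conn, "o'neil")

    # An identifier outside the allowlist is refused before any SQL is built.
    try:
        resolve_reports_safe(conn, "alice", sort_by="id")
        results["safe_sort"] = "accepted"
    except ValueError:
        results["safe_sort"] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The detection-side takeaway is the same in either direction: database syntax errors surfacing from an API that accepts free-form filter or sort arguments are a signal that client input is reaching the query text, and they are worth alerting on before an upgrade is rolled out.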
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < 5.25.1
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.