Unrated severityNVD Advisory· Published Feb 10, 2026· Updated Feb 10, 2026
Worklenz Boolean-Based Blind SQL Injection via Improper ORDER BY Clause Input Validation
CVE-2026-25947
Description
Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocation and scheduling features. The vulnerability has been patched in version v2.1.7.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- github.com/Worklenz/worklenz/commit/76e5cb0f5dd566fb65586cd3db30ee951c92a32bmitrex_refsource_MISC
- github.com/Worklenz/worklenz/releases/tag/v2.1.7mitrex_refsource_MISC
- github.com/Worklenz/worklenz/security/advisories/GHSA-f2f8-2ppj-85pfmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.