Unrated severityNVD Advisory· Published Mar 23, 2026· Updated Mar 23, 2026
Pre-Auth Blind SQLi in userinfo Endpoint
CVE-2026-32969
Description
An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
40.0.0+ 1 more
- (no CPE)range: 0.0.0
- (no CPE)range: 0.0.0
- Range: 0.0.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.