PatchSiren cyber security CVE debrief
CVE-2026-14658 code-projects CVE debrief
CVE-2026-14658 is a SQL injection vulnerability detected in Assessment Management 1.0. The vulnerability affects an unknown code section of the /lecturer/marking-scheme.php file. The manipulation of the smarksrange[] argument results in SQL injection. The attack can be launched remotely, and the exploit is now public. The CVSS score for this vulnerability is 2.1, indicating a low severity. The CVE was published on July 4, 2026, and has not been modified since then.
- Vendor
- code-projects
- Product
- Assessment Management
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-04
- Original CVE updated
- 2026-07-04
- Advisory published
- 2026-07-04
- Advisory updated
- 2026-07-04
Who should care
Defenders of Assessment Management 1.0 should prioritize patching this vulnerability to prevent potential SQL injection attacks. Given the low CVSS score, it may not be a high priority, but it should still be addressed in a timely manner. The vulnerability's remote exploitability and public exploit availability increase its risk.
Technical summary
The CVE-2026-14658 vulnerability is a SQL injection issue in Assessment Management 1.0. It affects the /lecturer/marking-scheme.php file, specifically through manipulation of the smarksrange[] argument. The vulnerability has a CVSS score of 2.1 and a low severity rating. The attack vector is network-based, and the exploit is publicly available. The vulnerability was reported by an unknown vendor and has been categorized under CWE-74 and CWE-89.
Defensive priority
The defensive priority for CVE-2026-14658 is moderate. Although the CVSS score is low, the remote exploitability and public availability of the exploit increase the risk. Defenders should prioritize patching this vulnerability, especially if Assessment Management 1.0 is used in a network-exposed environment.
Recommended defensive actions
- Patch the vulnerable Assessment Management 1.0 system
- Implement additional monitoring for SQL injection attempts
- Review and update the system's input validation and sanitization
- Consider compensating controls, such as web application firewalls
- Verify the system's inventory and track exceptions
Evidence notes
The evidence for CVE-2026-14658 comes from the NVD and CVE.org. The vulnerability was reported by an unknown vendor and has been categorized under CWE-74 and CWE-89. The CVSS score is 2.1, indicating a low severity. The exploit is publicly available, and the attack can be launched remotely.
Official resources
This article is AI-assisted and based on the supplied source corpus.