CVE-2026-49079 Jetimpex Inc. CVE debrief

Who should care

Administrators and users of the JetSearch plugin, especially those using versions up to 3.5.17, should be aware of this critical vulnerability. Immediate action is necessary to prevent potential data breaches and system compromises.

Technical summary

CVE-2026-49079 is an unauthenticated SQL injection vulnerability in the JetSearch plugin. The vulnerability has a CVSS score of 9.3 and is considered critical. It allows attackers to inject malicious SQL without authentication, potentially leading to data breaches and system compromise. The affected plugin versions are up to 3.5.17.

Defensive priority

high

Recommended defensive actions

• Update the JetSearch plugin to a version beyond 3.5.17 immediately.
• Restrict access to the plugin's functionality to authenticated users only.
• Implement a Web Application Firewall (WAF) to detect and prevent SQL injection attacks.
• Regularly monitor plugin and system logs for suspicious activity.
• Consider replacing the plugin with a more secure alternative if possible.

Evidence notes

The vulnerability information is based on data from the National Vulnerability Database (NVD) and Patchstack. The CVE record was published on June 17, 2026, and has been updated with additional details.

Official resources