PatchSiren cyber security CVE debrief
CVE-2026-45779 ubccr CVE debrief
A critical SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3. This vulnerability, tracked as CVE-2026-45779, allows an unauthenticated remote attacker to execute arbitrary SQL statements, potentially leading to complete compromise of the underlying database. The issue was discovered on 2023-08-03 and patched on 2023-08-04. All deployments of Open XDMoD prior to 10.0.3 are impacted. There is no evidence that this vulnerability has been exploited in the wild.
- Vendor: ubccr
- Product: xdmod
- CVSS: CRITICAL 9.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-05
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-05
- Advisory updated: 2026-06-10
Who should care
Administrators and users of Open XDMoD versions prior to 10.0.3 should apply the patch or upgrade to version 10.0.3 or later to mitigate this vulnerability.
Technical summary
The vulnerability is caused by a lack of proper input validation, allowing an attacker to inject malicious SQL code. The CVSS score for this vulnerability is 9.3, indicating a critical severity.
Defensive priority
High
Recommended defensive actions
- Apply the patch manually as a workaround.
- Upgrade to Open XDMoD version 10.0.3 or later.
Evidence notes
The vulnerability was patched in Open XDMoD 10.0.3 on 2023-08-04.
Official resources
- CVE-2026-45779 CVE record: CVE.org
- CVE-2026-45779 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Release Notes
- Mitigation or vendor reference: [email protected] - Patch, Vendor Advisory, Mitigation
- Mitigation or vendor reference: [email protected] - Patch
- Mitigation or vendor reference: [email protected] - Patch
CVE-2026-45779 was published on 2026-06-05T20:17:33.023Z and modified on 2026-06-10T21:04:01.193Z.