Review
grocy
CVE published 2026-06-15
CVE-2026-50890
A SQL injection vulnerability was discovered in grocy v4.6.0, specifically in the product-group parameter at /stockreports/spendings. This vulnerability, tracked as CVE-2026-50890, enables attackers to access sensitive database information by injecting malicious SQL statements.