CRITICAL
Nemon
CVE published 2026-06-09
CVE-2026-10731
CVE-2026-10731 is a critical SQL injection vulnerability with a CVSS score of 9.3. The vulnerability exists in the 'two_steps_auth_code' parameter processed by the 'twoStepsAuthVerification' function within the '/user-login' endpoint. This endpoint's two-factor authentication (2FA) functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queri [truncated]