HIGH
VDE-CERT
CVE published 2026-05-27
CVE-2026-40813
An unauthenticated SQL injection vulnerability exists in the `getLiveValues` function, specifically within the `tagid` parameter. The flaw stems from improper neutralization of special elements in a SQL SELECT command (CWE-89), allowing remote attackers to inject arbitrary SQL without authentication. Successful exploitation can result in total loss of confidentiality. The vulnerability carries a HIGH seve [truncated]