Detections
Analytics
CVE-2026-40529
medium
Description
CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface.
References
Details
Published: 2026-04-23
Updated: 2026-04-23
Risk Information
CVSS v2
Base Score: 5.8
Vector: CVSS2#AV:N/AC:L/Au:M/C:P/I:P/A:P
Severity: Medium
CVSS v3
Base Score: 4.7
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Severity: Medium
CVSS v4
Base Score: 5.1
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Severity: Medium
EPSS
EPSS: 0.00026