CVE-2026-3021

Name of the Vulnerable Software and Affected Versions Wakyma (affected versions not specified)

Description A non-relational SQL injection (NoSQLi) issue exists in the Wakyma web application. The vulnerability is located in the 'vets.wakyma.com/centro/equipo/empleado' endpoint. An authenticated user can modify a GET request to this endpoint to inject special NoSQL commands, potentially leading to the enumeration of sensitive employee data. The vulnerable endpoint is ''vets.wakyma.com/centro/equipo/empleado''.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.