CVE-2026-2584

Name of the Vulnerable Software and Affected Versions Ciser System SL firmware (affected versions not specified)

Description A critical SQL Injection (SQLi) vulnerability exists within the authentication module. A remote, unauthenticated attacker can exploit this flaw by submitting crafted SQL queries through the login interface. The vulnerability has low attack complexity and does not require specific privileges. Successful exploitation can lead to a complete compromise of the system’s configuration data and limited exposure of sensitive information related to interconnected systems. The vulnerability affects the /login API endpoint, where crafted SQL queries can be submitted. The query parameter is likely involved in the injection.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.