PT-2026-25077 · Anchore · Anchore Enterprise
Andrew Van Fleteren · Published 2026-03-12 · Updated 2026-03-14
CVE-2026-25076
CVSS v3.1: 7.3 (High)
Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Anchore Enterprise versions prior to 5.25.1
Description
Anchore Enterprise is affected by a SQL injection issue in the GraphQL Reports API endpoint. An authenticated attacker with access to the GraphQL API can execute arbitrary SQL statements, potentially modifying data within the Anchore Enterprise database.
Recommendations
Update Anchore Enterprise to version 5.25.1 or later.
Fix
SQL injection
Affected Products
Anchore Enterprise