PT-2026-34451 · Guardsix · Logpoint+1

Published: 2026-04-22 · Updated: 2026-05-12

CVE-2026-35548

CVSS v3.1: 8.5 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions

guardsix ODBC Enrichment Plugins versions prior to 5.2.1

Description

A logic flaw exists where stored database credentials are retained after the target Host, IP address, or Port is modified. When editing an Enrichment Source, the system fails to clear previous credentials despite changes to the connection endpoint. This allows an authenticated Operator user to redirect the database connection to unintended internal systems, leading to Server-Side Request Forgery (SSRF), which is a technique where an attacker forces a server to send requests to an internal or external resource. This could result in the misuse of valid stored credentials.

Recommendations

Update to version 5.2.1.
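
For teams reviewing their own connector code for the same class of flaw, the sketch below contrasts the update pattern the description outlines with one that binds a stored credential to the endpoint it was entered for. It is an added example, not code from the affected product; the class, field and function names are hypothetical and the sample values are constructed.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Hypothetical model of a stored enrichment source; field names are
# assumptions for illustration, not the product's schema.
@dataclass(frozen=True)
class EnrichmentSource:
    host: str               # hostname or IP address of the database
    port: int
    username: str
    secret: Optional[str]   # stored credential, never echoed back to the UI

class CredentialsRequired(Exception):
    """Endpoint changed and no fresh credentials were supplied."""

ENDPOINT_FIELDS = ("host", "port")

def update_flawed(current: EnrichmentSource, changes: dict) -> EnrichmentSource:
    # Pattern described in the advisory: an omitted secret means "keep the
    # stored one", even when the connection endpoint is being changed.
    merged = {k: v for k, v in changes.items() if v is not None}
    return replace(current, **merged)

def update_hardened(current: EnrichmentSource, changes: dict) -> EnrichmentSource:
    merged = {k: v for k, v in changes.items() if v is not None}
    endpoint_changed = any(
        f in merged and merged[f] != getattr(current, f) for f in ENDPOINT_FIELDS
    )
    if endpoint_changed and "secret" not in merged:
        # Refuse the edit rather than carry the stored secret to a new target;
        # the editor must re-enter credentials for the new endpoint.
        raise CredentialsRequired("re-enter credentials for the new endpoint")
    return replace(current, **merged)

def demo():
    # Constructed sample data: an edit that changes host and port, no secret.
    stored = EnrichmentSource("db1.corp.example", 1433, "enrich_ro", "s3cret")
    edit = {"host": "10.0.0.5", "port": 5432, "secret": None}
    flawed = update_flawed(stored, edit)      # secret follows the new endpoint
    try:
        update_hardened(stored, edit)
        rejected = False
    except CredentialsRequired:
        rejected = True
    return flawed, rejected
```

The same comparison works as a regression test: any edit that changes the endpoint without supplying a secret should fail, while edits that leave the endpoint unchanged keep the stored credential.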

Fix

SSRF


Weakness Enumeration

Related Identifiers

CVE-2026-35548

Affected Products

Logpoint
Odbc