CVE-2026-7699

Name of the Vulnerable Software and Affected Versions Dromara MaxKey versions prior to 3.5.14

Description A remote SQL injection flaw exists in the StrUtils.checkSqlInjection() function within the StrUtils.java file. This issue occurs when the filtersfields argument is manipulated, allowing an attacker to execute arbitrary SQL commands.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the StrUtils.checkSqlInjection() function to minimize the risk of exploitation.