PT-2026-47729 · Nemon · Nemon Trade Energy+1
Published 2026-06-09 · Updated 2026-06-09 · CVE-2026-10731
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
The product name cannot be determined (affected versions not specified)
Description
An issue exists where the '/user-login' endpoint allows unauthenticated attackers to execute arbitrary SQL queries on the backend database. This occurs because the two steps auth code parameter, processed by the twoStepsAuthVerification() function, is susceptible to SQL injection. A successful exploit could result in database enumeration, the unauthorized creation of privileged users, the modification or deletion of critical information, and denial-of-service conditions.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
SQL injection
Affected Products
Nemon Trade Energy
Nemon Trade Energy Crm