CVE-2026-25814
Undergoing Analysis Undergoing Analysis - In Progress
NoSQL Injection in PlaciPy 1.0.0 via Unsanitized DynamoDB Queries

Publication date: 2026-02-09

Last updated on: 2026-02-18

Assigner: GitHub, Inc.

Description
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-09
Last Modified
2026-02-18
Generated
2026-06-16
AI Q&A
2026-02-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25814
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
prasklatechnology placipy 1.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in PlaciPy version 1.0.0 arises because user-controlled query parameters are passed directly into DynamoDB query or filter construction without any validation or sanitization.

This means that an attacker can manipulate the input parameters to craft malicious queries, potentially leading to unauthorized data access or other harmful effects.

Impact Analysis

Because the vulnerability allows unvalidated user input to influence database queries, it can lead to severe security impacts such as unauthorized data exposure or modification.

The CVSS score of 9.3 indicates a critical severity, meaning an attacker can exploit this vulnerability remotely without any privileges or user interaction, potentially causing high confidentiality and integrity impacts.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25814. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart