CVE-2026-25076

Received Received - Intake

SQL Injection in Anchore Enterprise GraphQL API Allows Data Modification

Publication date: 2026-03-13

Last updated on: 2026-03-13

Assigner: VulnCheck

Description

Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore Enterprise database.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-03-13

Last Modified

2026-03-13

Generated

2026-06-16

AI Q&A

2026-03-13

EPSS Evaluated

2026-06-15

NVD

CVE-2026-25076

EUVD

EUVD-2026-11707

Affected Vendors & Products

Vendor	Product	Version / Range
anchore	enterprise	to 5.25.1 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-89	The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

CWE ID

Description

CWE-89

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

Executive Summary

CVE-2026-25076 is an SQL injection vulnerability found in Anchore Enterprise versions before 5.25.1. It exists in the GraphQL Reports API, where an authenticated attacker with access to this API can execute arbitrary SQL commands. This means the attacker can manipulate the database by modifying data stored within Anchore Enterprise.

Impact Analysis

This vulnerability allows an authenticated attacker with access to the GraphQL API to execute arbitrary SQL instructions, which can lead to unauthorized modifications of the data in the Anchore Enterprise database. The impact includes high confidentiality and integrity risks, meaning sensitive data could be altered or corrupted, potentially compromising the security and reliability of the system.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

[{'type': 'paragraph', 'content': "To mitigate the SQL injection vulnerability in Anchore Enterprise's GraphQL Reports API, you should upgrade to Anchore Enterprise version 5.25.1 or later, where this issue has been fixed."}, {'type': 'paragraph', 'content': 'Ensure that only authenticated and authorized users have access to the GraphQL API to reduce the risk of exploitation.'}, {'type': 'paragraph', 'content': 'Review and apply any additional security best practices recommended by Anchore for your deployment environment.'}] [2, 3]

Hi! I’m here to help you understand CVE-2026-25076. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-25076

SQL Injection in Anchore Enterprise GraphQL API Allows Data Modification

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart