CVE-2026-2584
Deferred Deferred - Pending Action
Critical SQL Injection in Authentication Module Allows Full Data Compromise

Publication date: 2026-03-02

Last updated on: 2026-05-19

Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)

Description
A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence of specific requirements (AT:N), the vulnerability allows for a total compromise of the system's configuration data (VC:H/VI:H). While the availability of the service remains unaffected (VA:N), the breach may lead to a limited exposure of sensitive information regarding subsequent or interconnected systems (SC:L).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-02
Last Modified
2026-05-19
Generated
2026-06-16
AI Q&A
2026-03-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-2584
EUVD
EUVD-2026-9171
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
ciser_system sl_firmware From 3.0|end_including=5.1 (inc)
ciser_system sl_firmware From 5.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-2584 is a critical SQL Injection vulnerability found in the authentication module of Ciser System SL firmware versions 3.0 to 5.1.'}, {'type': 'paragraph', 'content': 'An unauthenticated, remote attacker can exploit this flaw by sending specially crafted SQL queries through the login interface.'}, {'type': 'paragraph', 'content': "This allows the attacker to fully compromise the system's configuration data by manipulating the SQL commands executed by the system."}] [1]

Impact Analysis

[{'type': 'paragraph', 'content': "The vulnerability allows a remote attacker to fully compromise the system's configuration data without needing any privileges or user interaction."}, {'type': 'paragraph', 'content': 'While the availability of the service remains unaffected, the attacker can gain access to sensitive information and potentially control or alter system configurations.'}, {'type': 'paragraph', 'content': 'Additionally, there may be limited exposure of sensitive information about interconnected or subsequent systems.'}] [1]

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

Immediate mitigations for CVE-2026-2584 include restricting access to the management/login panel using allowlists.

  • Block untrusted network connections to prevent unauthorized access.
  • Isolate the management interface in a dedicated VLAN that is accessible only through a secure VPN.

The permanent fix is to upgrade to firmware version 5.3 or later, which includes improved input validation and parameterized queries to prevent SQL injection.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2584. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart