CVE-2026-33566
Cypher Injection in LogonTracer Allows Database Manipulation
Publication date: 2026-04-27
Last updated on: 2026-04-28
Assigner: JPCERT/CC
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jpcert | logontracer | up to 2.0.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-943 | The product generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cypher injection issue in LogonTracer versions prior to 2.0.0. It occurs when specially crafted Windows event log data is loaded into the system, which can lead to unauthorized alteration of the database contents.
How can this vulnerability impact me?
The impact of this vulnerability is that an attacker could alter the contents of the database by injecting malicious data through crafted Windows event logs. This could compromise the integrity of the data stored in LogonTracer, potentially leading to incorrect analysis or loss of trust in the system's data.