CVE-2026-33566
Received Received - Intake
Cypher Injection in LogonTracer Allows Database Manipulation

Publication date: 2026-04-27

Last updated on: 2026-04-28

Assigner: JPCERT/CC

Description
There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-27
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-04-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-33566
EUVD
EUVD-2026-25742
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jpcert logontracer to 2.0.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-943 The product generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a cypher injection issue in LogonTracer versions prior to 2.0.0. It occurs when specially crafted Windows event log data is loaded into the system, which can lead to unauthorized alteration of the database contents.

Impact Analysis

The impact of this vulnerability is that an attacker could alter the contents of the database by injecting malicious data through crafted Windows event logs. This could compromise the integrity of the data stored in LogonTracer, potentially leading to incorrect analysis or loss of trust in the system's data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33566. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart