CVE-2026-35548
Received Received - Intake
Logic Flaw in guardsix ODBC Plugin Enables SSRF via Credential Reuse

Publication date: 2026-04-22

Last updated on: 2026-04-22

Assigner: MITRE

Description
An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1 is used in guardsix 7.9.0.0). A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source, previously stored credentials were retained even if the connection endpoint was changed. An authenticated Operator user could redirect the database connection to unintended internal systems, resulting in SSRF and potential misuse of valid stored credentials.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-22
Last Modified
2026-04-22
Generated
2026-06-16
AI Q&A
2026-04-22
EPSS Evaluated
2026-06-14
NVD
CVE-2026-35548
EUVD
EUVD-2026-24953
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
guardsix odbc_enrichment_plugins to 5.2.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

To mitigate this vulnerability, you should upgrade guardsix ODBC Enrichment Plugins to version 5.2.1 or later, as this version fixes the logic flaw that allowed stored database credentials to be reused after modification of the target Host, IP address, or Port.

Additionally, review and verify all existing Enrichment Sources to ensure that connection endpoints have not been maliciously altered, and consider resetting stored credentials where appropriate to prevent misuse.

Executive Summary

This vulnerability exists in guardsix (formerly Logpoint) ODBC Enrichment Plugins before version 5.2.1. It is caused by a logic flaw where stored database credentials are reused even after the target Host, IP address, or Port is changed. Specifically, when an authenticated Operator edits an existing Enrichment Source and changes the connection endpoint, the previously stored credentials remain in use. This allows the Operator to redirect the database connection to unintended internal systems.

As a result, this flaw can lead to Server-Side Request Forgery (SSRF) and potential misuse of valid stored credentials.

Impact Analysis

The vulnerability can impact you by allowing an authenticated Operator user to redirect database connections to unintended internal systems. This can lead to Server-Side Request Forgery (SSRF), which may expose internal network resources or services that are not intended to be accessible.

Additionally, the misuse of valid stored credentials could allow unauthorized access or actions on internal databases, potentially compromising confidentiality and integrity of sensitive data.

Compliance Impact

This vulnerability allows an authenticated Operator user to reuse stored database credentials after modifying connection parameters, potentially redirecting connections to unintended internal systems. This could lead to unauthorized access or misuse of sensitive data.

Such unauthorized access and potential data misuse could negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls over access to sensitive personal and health information.

However, specific impacts on compliance depend on the environment and data involved, and no direct information about compliance effects is provided in the available context.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35548. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart