CVE-2026-35548
Logic Flaw in guardsix ODBC Plugin Enables SSRF via Credential Reuse
Publication date: 2026-04-22
Last updated on: 2026-04-22
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| guardsix | odbc_enrichment_plugins | before 5.2.1 (5.2.1 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade guardsix ODBC Enrichment Plugins to version 5.2.1 or later, as this version fixes the logic flaw that allowed stored database credentials to be reused after modification of the target Host, IP address, or Port.
Additionally, review and verify all existing Enrichment Sources to ensure that connection endpoints have not been maliciously altered, and consider resetting stored credentials where appropriate to prevent misuse.
Can you explain this vulnerability to me?
This vulnerability exists in guardsix (formerly Logpoint) ODBC Enrichment Plugins before version 5.2.1. It is caused by a logic flaw where stored database credentials are reused even after the target Host, IP address, or Port is changed. Specifically, when an authenticated Operator edits an existing Enrichment Source and changes the connection endpoint, the previously stored credentials remain in use. This allows the Operator to redirect the database connection to unintended internal systems.
As a result, this flaw can lead to Server-Side Request Forgery (SSRF) and potential misuse of valid stored credentials.
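The logic flaw described above, modelled as an added example that is not guardsix or Logpoint code: a flawed update routine that lets stored credentials silently follow a changed Host/Port, a hardened routine that drops the stored secret and enforces an endpoint allowlist whenever the endpoint changes, and an audit that flags existing Enrichment Sources whose endpoint no longer matches the one their credentials were entered for (the check the mitigation answer recommends). The class, function names, the allowlist and the sample source are all constructed for this illustration.

```python
# Added illustration (not guardsix/Logpoint code). Models the credential-reuse
# flaw next to one hardened update rule and a baseline audit. Every name,
# the allowlist and the sample source below are constructed for this example.
from dataclasses import dataclass, replace
from typing import Dict, Iterable, Optional, Tuple


@dataclass(frozen=True)
class EnrichmentSource:
    name: str
    host: str
    port: int
    username: str
    password: Optional[str]          # None = operator must re-enter credentials
    cred_endpoint: Tuple[str, int]   # (host, port) the password was entered for


# Constructed allowlist of database endpoints an enrichment source may target.
ALLOWED_DB_ENDPOINTS = {
    ("db-enrich.corp.example", 5432),
    ("db-enrich-2.corp.example", 5432),
}

# Constructed sample source, as stored before any edit.
SAMPLE_SOURCE = EnrichmentSource(
    name="assets", host="db-enrich.corp.example", port=5432,
    username="enrich_ro", password="s3cret",
    cred_endpoint=("db-enrich.corp.example", 5432),
)


def update_source_vulnerable(src: EnrichmentSource, *, host: Optional[str] = None,
                             port: Optional[int] = None,
                             password: Optional[str] = None) -> EnrichmentSource:
    """Flawed logic: endpoint fields are replaced but the stored password is
    kept, so the next connection carries the old credentials to the new host."""
    return replace(
        src,
        host=host if host is not None else src.host,
        port=port if port is not None else src.port,
        password=password if password is not None else src.password,
    )


def update_source_fixed(src: EnrichmentSource, *, host: Optional[str] = None,
                        port: Optional[int] = None,
                        password: Optional[str] = None) -> EnrichmentSource:
    """Hardened logic: a changed endpoint must be on the allowlist, and the
    stored secret never follows it; without a freshly entered password the
    source is left in a 'needs re-entry' state."""
    new_host = host if host is not None else src.host
    new_port = port if port is not None else src.port
    endpoint_changed = (new_host, new_port) != (src.host, src.port)
    if endpoint_changed and (new_host, new_port) not in ALLOWED_DB_ENDPOINTS:
        raise ValueError(f"{new_host}:{new_port} is not an approved database endpoint")
    new_password = password if password is not None else src.password
    if endpoint_changed and password is None:
        new_password = None          # drop the secret; operator must re-enter it
    # A password is only ever bound to the endpoint it was entered for.
    cred_endpoint = (new_host, new_port) if new_password is not None else src.cred_endpoint
    return replace(src, host=new_host, port=new_port,
                   password=new_password, cred_endpoint=cred_endpoint)


def audit_sources(sources: Iterable[EnrichmentSource]) -> Dict[str, str]:
    """Review step for existing sources: flag any whose stored credentials are
    bound to a different endpoint than the one currently configured."""
    findings = {}
    for s in sources:
        if s.password is None:
            findings[s.name] = "needs-reentry"
        elif s.cred_endpoint != (s.host, s.port):
            findings[s.name] = "credentials-follow-changed-endpoint"
        else:
            findings[s.name] = "ok"
    return findings


def run_demo() -> Dict[str, object]:
    """Walks the sample source through both update paths and returns outcomes."""
    out: Dict[str, object] = {}
    bad = update_source_vulnerable(SAMPLE_SOURCE, host="10.0.0.5")
    out["vuln_password_kept"] = bad.password == "s3cret"
    out["vuln_audit"] = audit_sources([bad])["assets"]
    try:
        update_source_fixed(SAMPLE_SOURCE, host="10.0.0.5")
        out["fixed_rejects_unlisted"] = False
    except ValueError:
        out["fixed_rejects_unlisted"] = True
    moved = update_source_fixed(SAMPLE_SOURCE, host="db-enrich-2.corp.example")
    out["fixed_drops_password"] = moved.password is None
    out["fixed_audit_no_password"] = audit_sources([moved])["assets"]
    rebound = update_source_fixed(SAMPLE_SOURCE, host="db-enrich-2.corp.example",
                                  password="n3w-secret")
    out["fixed_audit_rebound"] = audit_sources([rebound])["assets"]
    return out


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

The audit is the part worth running against a real store: it finds sources whose endpoint was edited while the original credentials stayed attached, which is exactly the state the flaw leaves behind and the state an upgrade alone does not clean up.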
How can this vulnerability impact me?
The vulnerability can impact you by allowing an authenticated Operator user to redirect database connections to unintended internal systems. This can lead to Server-Side Request Forgery (SSRF), which may expose internal network resources or services that are not intended to be accessible.
Additionally, the misuse of valid stored credentials could allow unauthorized access or actions on internal databases, potentially compromising confidentiality and integrity of sensitive data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows an authenticated Operator user to reuse stored database credentials after modifying connection parameters, potentially redirecting connections to unintended internal systems. This could lead to unauthorized access or misuse of sensitive data.
Such unauthorized access and potential data misuse could negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls over access to sensitive personal and health information.
However, specific impacts on compliance depend on the environment and data involved, and no direct information about compliance effects is provided in the available context.