CVE-2026-40831

Deferred Deferred - Pending Action

SQL Injection in Easy View

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: CERT VDE

Description

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the Easy View due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-05-27

Last Modified

2026-05-27

Generated

2026-06-16

AI Q&A

2026-05-27

EPSS Evaluated

2026-06-15

NVD

CVE-2026-40831

EUVD

EUVD-2026-32160

Affected Vendors & Products

Vendor	Product	Version / Range
easy_view	easy_view	*

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-89	The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

CWE ID

Description

CWE-89

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

Executive Summary

This vulnerability is an unauthenticated SQL Injection in the Easy View application. It occurs because the application does not properly neutralize special elements in a SQL SELECT command. This flaw allows a low privileged remote attacker to exploit the system.

Impact Analysis

Exploiting this vulnerability can lead to a total loss of confidentiality. This means an attacker could potentially access sensitive data without authorization.

Compliance Impact

This vulnerability allows a low privileged remote attacker to exploit an unauthenticated SQL Injection in Easy View, resulting in a total loss of confidentiality.

A total loss of confidentiality can lead to unauthorized access to sensitive data, which may cause non-compliance with data protection regulations such as GDPR and HIPAA that require the protection of personal and health information.

Hi! I’m here to help you understand CVE-2026-40831. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-40831

SQL Injection in Easy View

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart