CVE-2026-38158
Received Received - Intake

SQL Injection in UReport v2.2.9

Vulnerability report for CVE-2026-38158, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: MITRE

Description

A SQL injection vulnerability in the /ureport/datasource/previewData component of ureport v2.2.9 allows attackers to access sensitive database information via crafted SQL statements.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
ureport ureport 2.2.9

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This is a SQL injection vulnerability in the ureport v2.2.9 software. It exists in the /ureport/datasource/previewData component, where attackers can inject malicious SQL statements to access sensitive database information.

Detection Guidance

To detect SQL injection vulnerabilities in ureport v2.2.9, inspect network traffic for suspicious requests targeting the /ureport/datasource/previewData endpoint. Look for unusual SQL syntax or payloads in parameters. Enable database logging to identify unauthorized queries. Use tools like SQLMap to test for injection points, but only in authorized environments.

Impact Analysis

Attackers could exploit this to read, modify, or delete sensitive data in the database. This may lead to unauthorized access to confidential information, data breaches, or system compromise depending on the database contents.

Compliance Impact

This vulnerability could lead to non-compliance with GDPR, HIPAA, or other regulations due to unauthorized data access or breaches. Organizations may face legal penalties, fines, or reputational damage if sensitive data is exposed.

Mitigation Strategies

Immediately update ureport to the latest version beyond v2.2.9 to patch the SQL injection flaw in the /ureport/datasource/previewData component. Disable or restrict access to this component if an update is not immediately available.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-38158. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart