CVE-2026-3992 | CodeGenieApp serverless-express up to 4.17.1 Users Endpoint utils/dynamodb.ts filter injection

Inserito da Angelo Barbosa | Mar 11, 2026 | CVE

A vulnerability marked as critical has been reported in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection.

This vulnerability appears as CVE-2026-3992. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3992 | CodeGenieApp serverless-express up to 4.17.1 Users Endpoint utils/dynamodb.ts filter injection

Post correlati

CVE-2023-6671 | OJS Open Journal Systems 3.3.0.13 cross-site request forgery

CVE-2026-2999 | Changing IDExpert Windows Logon Agent up to 2.8.4.250925 code download

CVE-2024-54226 | Karl Kiesinger Country Blocker Plugin up to 3.2 on WordPress cross-site request forgery

CVE-2025-11099 | D-Link DIR-823X 250416 delete_prohibiting uci_del delvalue command injection