CVE-2026-41478 | Saltcorn up to 1.4.5/1.5.5/1.6.0-beta.4 mobile-sync Routes sql injection (GHSA-jp74-mfrx-3qvh)

Inserito da Angelo Barbosa | Apr 25, 2026 | CVE

A vulnerability identified as critical has been detected in Saltcorn up to 1.4.5/1.5.5/1.6.0-beta.4. This vulnerability affects unknown code of the component mobile-sync Routes. Performing a manipulation results in sql injection.

This vulnerability is identified as CVE-2026-41478. The attack can be initiated remotely. There is not any exploit available.

You should upgrade the affected component.

CVE-2026-41478 | Saltcorn up to 1.4.5/1.5.5/1.6.0-beta.4 mobile-sync Routes sql injection (GHSA-jp74-mfrx-3qvh)

Post correlati

CVE-2024-32964 | lobehub lobe-chat up to 0.150.5 /api/proxy server-side request forgery

CVE-2025-47150 | F5 F5OS-A/F5OS-C SNMP resource consumption (K000149820)

CVE-2026-0890 | Mozilla Firefox up to 146 Drag/Drop ui layer

CVE-2024-5671 | Trellix Intrusion Prevention System Manager prior 11.1.x deserialization