CVE-2026-44706 | Chatwoot up to 4.11.1 Custom Attributes filter is_greater_than values sql injection (GHSA-9pgm-75gg-6948)

Inserito da Angelo Barbosa | Mag 26, 2026 | CVE

A vulnerability categorized as critical has been discovered in Chatwoot up to 4.11.1. Affected by this vulnerability is the function is_greater_than of the file /api/v1/accounts/{account_id}/conversations/filter of the component Custom Attributes Handler. The manipulation of the argument values results in sql injection.

This vulnerability is reported as CVE-2026-44706. The attack can be launched remotely. No exploit exists.

It is advisable to upgrade the affected component.

CVE-2026-44706 | Chatwoot up to 4.11.1 Custom Attributes filter is_greater_than values sql injection (GHSA-9pgm-75gg-6948)

Post correlati

CVE-2025-10548 | CleverControl Employee Monitoring Software 11.5.1041.6 certificate validation

CVE-2024-4592 | DedeCMS 5.7 sys_group_edit.php cross-site request forgery

CVE-2025-0103 | Palo Alto Networks Cloud NGFW sql injection

CVE-2025-12367 | SiteSEO Plugin up to 1.3.1 on WordPress authorization