A vulnerability, which was classified as critical, was found in Pimcore Studio up to 2025.4.5/2026.1.5. The affected element is an unknown function of the file /pimcore-studio/api/website-settings of the component Column Filter Handler. Such manipulation of the argument key leads to sql injection.

This vulnerability is uniquely identified as CVE-2026-55208. The attack can be launched remotely. No exploit exists.