A vulnerability was found in ureport 2.2.9. It has been rated as critical. Impacted is an unknown function of the file /ureport/datasource/previewData of the component Datasource Preview Data. Performing a manipulation results in sql injection.

This vulnerability is cataloged as CVE-2026-38158. It is possible to initiate the attack remotely. There is no exploit available.