A vulnerability has been found in Apache Fineract up to 1.14.0 and classified as critical. This issue affects some unknown processing of the component Report Execution API. This manipulation causes sql injection.

This vulnerability is tracked as CVE-2026-35152. The attack is possible to be carried out remotely. No exploit exists.