CVE-2026-44706 | Chatwoot up to 4.11.1 Custom Attributes filter is_greater_than values sql injection (GHSA-9pgm-75gg-6948)

Inserito da Angelo Barbosa | Mag 26, 2026 | CVE

A vulnerability categorized as critical has been discovered in Chatwoot up to 4.11.1. Affected by this vulnerability is the function is_greater_than of the file /api/v1/accounts/{account_id}/conversations/filter of the component Custom Attributes Handler. The manipulation of the argument values results in sql injection.

This vulnerability is reported as CVE-2026-44706. The attack can be launched remotely. No exploit exists.

It is advisable to upgrade the affected component.

CVE-2026-44706 | Chatwoot up to 4.11.1 Custom Attributes filter is_greater_than values sql injection (GHSA-9pgm-75gg-6948)

Post correlati

CVE-2026-24922 | Huawei HarmonyOS 6.0.0 HDC Module heap-based overflow

CVE-2024-54436 | Jettochkin Jet Footer Code Plugin up to 1.4 on WordPress cross-site request forgery

CVE-2026-22886 | Eclipse OpenMQ default credentials

CVE-2024-5279 | Qiwen Netdisk up to 1.4.0 File Rename cross site scripting (I8W3H2)