A vulnerability, which was classified as critical, was found in Apache Fineract up to 1.14.0. This vulnerability affects unknown code of the file /api/v1/clients of the component Client Search API. The manipulation of the argument orderBy/sortOrder results in sql injection.
This vulnerability is identified as CVE-2026-56287. The attack can be executed remotely. There is not any exploit available.