CVE-2026-3022

High CVSS: 7.1

Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting special NoSQL commands, resulting in the attacker being able to obtain customer reports.

Vendor

Wakyma

Product

Wakyma

CWE

CWE-943

Yayın Tarihi

2026-03-16 14:19:45

Güncelleme

2026-03-19 20:05:34

Source Identifier

cve-coordination@incibe.es

KEV Date Added

Kategoriler

CWE-943 Wakyma HIGH Wakyma 2026

Referanslar

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wakyma-application-web

Benzer Kayıtlar

High

CVE-2026-3021

Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wa…

Medium

CVE-2026-3023

Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wa…

Medium

CVE-2026-3024

Stored Cross-Site Scripting (XSS) vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma…