{"api_version":"1","generated_at":"2026-07-04T16:15:34+00:00","cve":"CVE-2026-6888","urls":{"html":"https://cve.report/CVE-2026-6888","api":"https://cve.report/api/cve/CVE-2026-6888.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-6888","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-6888"},"summary":{"title":"SQL Injection Vulnerability","description":"Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to\nexecute arbitrary commands via a specific interface,\npotentially enabling the attacker to access, modify, or delete sensitive\ninformation within the database.","state":"PUBLISHED","assigner":"CSA","published_at":"2026-05-13 04:17:41","updated_at":"2026-05-13 16:17:02"},"problem_types":["CWE-89","CWE-89 CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"metrics":[{"version":"3.1","source":"5f57b9bf-260d-4433-bf07-b6a79e9bb7d4","type":"Secondary","score":"7.2","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"7.2","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-050/","name":"https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-050/","refsource":"5f57b9bf-260d-4433-bf07-b6a79e9bb7d4","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-6888","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6888","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Advantech","product":"SaaS Composer","version":"affected prior to version 3.4.17","platforms":[]},{"source":"CNA","vendor":"Advantech","product":"IoTSuite Growth Linux docker","version":"affected prior to version 2.2.0","platforms":[]},{"source":"CNA","vendor":"Advantech","product":"IoTSuite Starter Linux docker","version":"affected prior to version 2.2.0","platforms":[]},{"source":"CNA","vendor":"Advantech","product":"IoT Edge Linux docker","version":"affected prior to version 2.2.0","platforms":[]},{"source":"CNA","vendor":"Advantech","product":"IoT Edge Windows","version":"affected prior to version 2.2.0","platforms":[]},{"source":"CNA","vendor":"Advantech","product":"WebAccess/SCADA","version":"affected prior to version 9.2.3","platforms":[]},{"source":"CNA","vendor":"Advantech","product":"WebAccess SaaS-Composer","version":"affected prior to version 3.4.17.1","platforms":[]},{"source":"CNA","vendor":"Advantech","product":"ECOWatch SaaS-Composer","version":"affected prior to version 3.4.17","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"Users and administrators of\naffected product versions are advised to update to the latest versions\nimmediately.\n\n\n\n\n\nFor SaaS Composer, IoTSuite Growth\nLinux docker, IoT Edge Windows, and ECOWatch please contact Advantech  here  https://wise-iot.advantech.com/en-tw/marketplace/help/technical-support for\nthe official release of the fixed version.\n\n\n\n\n\nFor IoTSuite Starter Linux docker,\nplease refer to the update guide  here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/oPN5exOVNQq .\nAs the update involves a reinstallation process, please refer to the\nreinstallation guide  here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/JqNWAMGz1JQ .\n\n\n\n\n\nFor IoT Edge Linux docker, please\nrefer to the update guide  here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/oPN5exOVNQq .\nAs the update involves a reinstallation process, please refer to the\nreinstallation guide  here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/G0yWBn2mp2q .\n\n\n\n\n\nFor WebAccess/SCADA and WebAccess\nSaaS-Composer, please refer to the update guide  here https://www.advantech.com/en/support/details/installation .","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Hoa Ly Van Huu","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"6888","cve":"CVE-2026-6888","epss":"0.001040000","percentile":"0.278380000","score_date":"2026-05-20","updated_at":"2026-05-21 00:09:24"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-6888","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-05-13T14:35:40.247452Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-89","description":"CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-13T14:35:53.880Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unknown","product":"SaaS Composer","vendor":"Advantech","versions":[{"status":"affected","version":"prior to version 3.4.17"}]},{"defaultStatus":"unknown","product":"IoTSuite Growth Linux docker","vendor":"Advantech","versions":[{"status":"affected","version":"prior to version 2.2.0"}]},{"defaultStatus":"unknown","product":"IoTSuite Starter Linux docker","vendor":"Advantech","versions":[{"status":"affected","version":"prior to version 2.2.0"}]},{"defaultStatus":"unknown","product":"IoT Edge Linux docker","vendor":"Advantech","versions":[{"status":"affected","version":"prior to version 2.2.0"}]},{"defaultStatus":"unknown","product":"IoT Edge Windows","vendor":"Advantech","versions":[{"status":"affected","version":"prior to version 2.2.0"}]},{"defaultStatus":"unknown","product":"WebAccess/SCADA","vendor":"Advantech","versions":[{"status":"affected","version":"prior to version 9.2.3"}]},{"defaultStatus":"unknown","product":"WebAccess SaaS-Composer","vendor":"Advantech","versions":[{"status":"affected","version":"prior to version 3.4.17.1"}]},{"defaultStatus":"unknown","product":"ECOWatch SaaS-Composer","vendor":"Advantech","versions":[{"status":"affected","version":"prior to version 3.4.17"}]}],"credits":[{"lang":"en","type":"finder","value":"Hoa Ly Van Huu"}],"datePublic":"2026-05-13T02:54:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to\nexecute arbitrary commands via a specific interface,\npotentially enabling the attacker to access, modify, or delete sensitive\ninformation within the database.</p>"}],"value":"Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to\nexecute arbitrary commands via a specific interface,\npotentially enabling the attacker to access, modify, or delete sensitive\ninformation within the database."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"providerMetadata":{"dateUpdated":"2026-05-13T03:16:24.701Z","orgId":"5f57b9bf-260d-4433-bf07-b6a79e9bb7d4","shortName":"CSA"},"references":[{"url":"https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-050/"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Users and administrators of\naffected product versions are advised to update to the latest versions\nimmediately.</p>\n\n<p>For SaaS Composer, IoTSuite Growth\nLinux docker, IoT Edge Windows, and ECOWatch please contact Advantech&nbsp;<a href=\"https://wise-iot.advantech.com/en-tw/marketplace/help/technical-support\">here&nbsp;</a>for\nthe official release of the fixed version.</p>\n\n<p>For IoTSuite Starter Linux docker,\nplease refer to the update guide&nbsp;<a href=\"https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/oPN5exOVNQq?tenantId=VGVuYW50.aSUET6-KO-0qXOBh\">here</a>.\nAs the update involves a reinstallation process, please refer to the\nreinstallation guide <a href=\"https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/JqNWAMGz1JQ?tenantId=VGVuYW50.aSUET6-KO-0qXOBh\">here</a>.</p>\n\n<p>For IoT Edge Linux docker, please\nrefer to the update guide&nbsp;<a href=\"https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/oPN5exOVNQq?tenantId=VGVuYW50.aSUET6-KO-0qXOBh\">here</a>.\nAs the update involves a reinstallation process, please refer to the\nreinstallation guide <a href=\"https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/G0yWBn2mp2q?tenantId=VGVuYW50.aSUET6-KO-0qXOBh\">here</a>.</p>\n\n<p>For WebAccess/SCADA and WebAccess\nSaaS-Composer, please refer to the update guide <a href=\"https://www.advantech.com/en/support/details/installation?id=1-MS9MJV\">here</a>.</p>"}],"value":"Users and administrators of\naffected product versions are advised to update to the latest versions\nimmediately.\n\n\n\n\n\nFor SaaS Composer, IoTSuite Growth\nLinux docker, IoT Edge Windows, and ECOWatch please contact Advantech  here  https://wise-iot.advantech.com/en-tw/marketplace/help/technical-support for\nthe official release of the fixed version.\n\n\n\n\n\nFor IoTSuite Starter Linux docker,\nplease refer to the update guide  here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/oPN5exOVNQq .\nAs the update involves a reinstallation process, please refer to the\nreinstallation guide  here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/JqNWAMGz1JQ .\n\n\n\n\n\nFor IoT Edge Linux docker, please\nrefer to the update guide  here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/oPN5exOVNQq .\nAs the update involves a reinstallation process, please refer to the\nreinstallation guide  here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/G0yWBn2mp2q .\n\n\n\n\n\nFor WebAccess/SCADA and WebAccess\nSaaS-Composer, please refer to the update guide  here https://www.advantech.com/en/support/details/installation ."}],"source":{"discovery":"UNKNOWN"},"title":"SQL Injection Vulnerability","x_generator":{"engine":"Vulnogram 1.0.2"}}},"cveMetadata":{"assignerOrgId":"5f57b9bf-260d-4433-bf07-b6a79e9bb7d4","assignerShortName":"CSA","cveId":"CVE-2026-6888","datePublished":"2026-05-13T03:16:24.701Z","dateReserved":"2026-04-23T02:58:12.750Z","dateUpdated":"2026-05-13T14:35:53.880Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-13 04:17:41","lastModifiedDate":"2026-05-13 16:17:02","problem_types":["CWE-89","CWE-89 CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"metrics":{"cvssMetricV31":[{"source":"5f57b9bf-260d-4433-bf07-b6a79e9bb7d4","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"6888","Ordinal":"1","Title":"SQL Injection Vulnerability","CVE":"CVE-2026-6888","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"6888","Ordinal":"1","NoteData":"Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to\nexecute arbitrary commands via a specific interface,\npotentially enabling the attacker to access, modify, or delete sensitive\ninformation within the database.","Type":"Description","Title":"SQL Injection Vulnerability"}]}}}