CVE-2026-25947
HIGH
Worklenz < 2.1.7 - SQL Injection in Project and Task Management Controllers
Worklenz is a project management tool. Prior to 2.1.7, multiple SQL injection vulnerabilities were discovered in backend SQL query construction, affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocation and scheduling features. These vulnerabilities have been patched in version v2.1.7.
References (3)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/Worklenz/worklenz/security/advisories/GHSA-f2f8-2ppj-85pf
Patch x_refsource_misc
https://github.com/Worklenz/worklenz/commit/76e5cb0f5dd566fb65586cd3db30ee951c92a32b
Release Notes x_refsource_misc
https://github.com/Worklenz/worklenz/releases/tag/v2.1.7
Scores
CVSS v3: 8.8
EPSS: 0.0035
EPSS Percentile: 27.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-89
Status: published
Products (1): worklenz/worklenz < 2.1.7
Published: Feb 10, 2026
Tracked Since: Feb 18, 2026