CVE-2026-3992

MEDIUM

CodeGenieApp serverless-express <4.17.1 - Code Injection

Title source: llm

Description

A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

[Issue Tracking] https://github.com/AnalogyC0de/public_exp/issues/19

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.350474

[Permissions Required, VDB Entry] https://vuldb.com/?id.350474

[Permissions Required, VDB Entry] https://vuldb.com/?submit.769631

Scores

CVSS v3 6.3

EPSS 0.0005

EPSS Percentile 16.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-707 CWE-74

Status published

Published Mar 12, 2026

Tracked Since Mar 12, 2026