CVE-2026-40529

MEDIUM

Kanata Limited Cms Alaya < 7.4.1.4 and earlier - SQL Injection

Title source: rule

Description

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface.

References (1)

https://jvn.jp/en/jp/JVN08026319/

Scores

CVSS v3 4.7

EPSS 0.0003

EPSS Percentile 7.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-89

Status published

Products (1)

KANATA Limited/CMS ALAYA 7.4.1.4 and earlier

Published Apr 23, 2026

Tracked Since Apr 23, 2026