CVE-2026-44706

HIGH LAB

Chatwoot: SQL Injection in Conversation/Contact Filter API via Custom Attribute Values

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-44706. PoCs published by hakaioffsec.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2026-44706, a SQL injection vulnerability in Chatwoot's FilterService. The PoC demonstrates time-based and boolean-based SQLi techniques to extract database information, including user credentials and API tokens.

Description

Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the is_greater_than or is_less_than operators, user-supplied values in the values field of the filter payload are interpolated directly into the SQL query without parameterization. Any authenticated user with access to an account can exploit this to execute arbitrary SQL via time-based blind injection. This affects /api/v1/accounts/{account_id}/conversations/filter, /api/v1/accounts/{account_id}/contacts/filter, and /api/v1/accounts/{account_id}/custom_attribute_definitions. This vulnerability is fixed in 4.11.2.

Exploits (1)

github WORKING POC 4 stars

by hakaioffsec · pythonpoc

https://github.com/hakaioffsec/CVE-2026-44706

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2026-44706, a SQL injection vulnerability in Chatwoot's FilterService. The PoC demonstrates time-based and boolean-based SQLi techniques to extract database information, including user credentials and API tokens.

Classification

Working Poc 100%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Chatwoot <= 4.11.1

Auth required

Prerequisites: Authenticated API access token · Valid account ID · Network access to the target Chatwoot instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Jun 06, 2026 Full analysis →

References (1)

Core 1

Core References

X_Refsource_Confirm x_refsource_confirm

https://github.com/chatwoot/chatwoot/security/advisories/GHSA-9pgm-75gg-6948

Scores

CVSS v3 8.5

EPSS 0.0003

EPSS Percentile 8.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Lab Environment

COMMUNITY

Community Lab

docker pull chatwoot/chatwoot:v4.11.1

https://github.com/hakaioffsec/CVE-2026-44706

View in Library

Details

CWE

CWE-89

Status published

Products (1)

chatwoot/chatwoot >= 2.2.0, < 4.11.2

Published May 26, 2026

Tracked Since May 26, 2026