SQL Injection Vulnerability in Raytha CMS by Raytha
CVE-2026-12076

9.3 CRITICAL

Key Information:

Vendor: Raytha
CVE Published: 30 June 2026

What is CVE-2026-12076?

Raytha CMS is vulnerable to SQL injection in its OData filter parsing pipeline. A remote, unauthenticated attacker can issue arbitrary SQL queries against the PostgreSQL database, potentially leading to complete database control and credential extraction. The flaw has been verified in version 1.5.2; other versions, including earlier ones, have not been confirmed and may also be affected. Prompt remediation is advised to safeguard sensitive data.

Affected Version(s)

Raytha 1.5.2

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Arkadiusz Marta