SQL Injection Vulnerability in Nefteprodukttekhnika BUK TS-G Gas Station Automation System
CVE-2026-3843

9.3CRITICAL

Key Information:

Vendor: Nefteprodukttekhnika Llc
Status: Buk Ts-g Gas Station Automation System
Vendor: CVE Published:; 10 March 2026

🔔 Create Nefteprodukttekhnika Llc Vulnerability Alert

What is CVE-2026-3843?

The BUK TS-G Gas Station Automation System, version 2.9.1, is susceptible to a SQL injection vulnerability in its system configuration module. This security flaw enables remote attackers to execute arbitrary SQL commands by sending specially crafted SQL requests. Exploiting this vulnerability may lead to unauthorized access to sensitive data and could allow for the execution of remote code, significantly compromising system security.

Affected Version(s)

BUK TS-G Gas Station Automation System Linux 2.9.1 < 2.10.2

BUK TS-G Gas Station Automation System Linux 2.10.2

References

https://bukts.ru/repo-bukts-current

https://bdu.fstec.ru/vul/2025-13914

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2026
Vulnerability Reserved
Mar 9, 2026

Credit

Yergashvoyev Jamshed

CVE-2026-3843 Data

JSON