SQL Injection Vulnerability in Bolt CMS by Bolt
CVE-2026-39229

6.5MEDIUM

Key Information:

Vendor: Bolt
Status: Bolt CMS
Vendor: CVE Published:; 29 May 2026

What is CVE-2026-39229?

Bolt CMS versions up to 3.7.0 are susceptible to a SQL Injection vulnerability through the 'order' parameter in content listing pages. This flaw can be exploited by authenticated attackers with minimal privileges using the OrderDirective component, leading to unauthorized access to sensitive information stored in the database. It is essential for users of Bolt CMS to apply appropriate security measures to protect against potential exploitation of this vulnerability.

References

https://github.com/bolt/bolt

https://boltcms.io/

https://github.com/Tonoss-412/My-CVE/blob/main/CVE-2026-3...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
Apr 6, 2026

CVE-2026-39229 Data

JSON