SQL Injection Vulnerability in ALAYA CMS by KANATA Limited
CVE-2026-40529

5.1MEDIUM

Key Information:

Vendor: Kanata Limited
Status: Cms Alaya
Vendor: CVE Published:; 23 April 2026

🔔 Create Kanata Limited Vulnerability Alert

What is CVE-2026-40529?

ALAYA CMS, developed by KANATA Limited, suffers from an SQL injection vulnerability that allows attackers to exploit the administrative interface. This vulnerability may enable unauthorized users to access or modify sensitive information stored in the database. Proper security measures and regular updates are essential to mitigate the risks associated with this flaw.

Affected Version(s)

CMS ALAYA 7.4.1.4 and earlier

References

https://jvn.jp/en/jp/JVN08026319/

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2026
Vulnerability Reserved
Apr 13, 2026

CVE-2026-40529 Data

JSON