SQL Injection Vulnerability in Redeight CMS by Redeight
CVE-2026-53690

9.3CRITICAL

Key Information:

Vendor: Redeight
Status: Redeight Cms
Vendor: CVE Published:; 30 June 2026

What is CVE-2026-53690?

An SQL Injection vulnerability in Redeight CMS version 1.0 allows unauthenticated attackers to exploit the 'userEmail' parameter in the POST '/admin/index.php' login endpoint. The lack of input sanitization permits attackers to inject malicious SQL queries, leading to unauthorized data access and potential database compromise.

Affected Version(s)

Redeight CMS 1.0

References

https://cert.pl/posts/2026/06/CVE-2026-53690

third-party-advisory

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2026
Vulnerability Reserved
Jun 10, 2026

Credit

Jacek Czepil

CVE-2026-53690 Data

JSON