SQL Injection Vulnerability in Apache Fineract's Office Search API
CVE-2026-57821
Currently unrated
What is CVE-2026-57821?
A SQL Injection vulnerability has been identified in Apache Fineract's Office Search API. This flaw allows authenticated users with appropriate permissions to manipulate SQL queries through the 'orderBy' parameter, leading to potential data exfiltration. When an attacker injects a carefully crafted query, it can block the database connection, causing exhaustion of the connection pool and resulting in denial of service for other users. To safeguard against these risks, users are advised to upgrade to versions that incorporate the patch addressing this vulnerability.
Affected Version(s)
Apache Fineract 0 <= 1.14.0
Apache Fineract 1.15.0