SQL Injection Vulnerability in Corteza Affecting Microsoft SQL Server
CVE-2026-6093

6MEDIUM

Key Information:

Vendor: Cortezaproject
Status: Corteza
Vendor: CVE Published:; 11 May 2026

🔔 Create Cortezaproject Vulnerability Alert

What is CVE-2026-6093?

Corteza is vulnerable to a SQL injection issue within its backend when filtering Compose records by the meta field. This flaw, which specifically impacts Microsoft SQL Server (MSSQL), allows attackers to manipulate SQL queries, potentially leading to unauthorized access to sensitive data. The issue is present in version 2024.9.8, emphasizing the need for users to apply necessary security measures to protect their systems.

Affected Version(s)

corteza Windows 2024.9.8

References

https://fluidattacks.com/es/advisories/motley

third-party-advisory

https://github.com/cortezaproject/corteza

product

CVSS V4

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2026
Vulnerability Reserved
Apr 10, 2026

Credit

Fluid Attacks' AI SAST Scanner

Oscar Uribe

CVE-2026-6093 Data

JSON