SQLi in Netcad's E-İmar
CVE-2026-7486

9.8CRITICAL

Key Information:

Vendor

Netcad Software Inc.

Status
E-i̇mar
Vendor
CVE Published:
9 June 2026

What is CVE-2026-7486?

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Netcad Software Inc. E-İmar allows SQL Injection.

This issue affects E-İmar: from 2.10.1.0 before 3.0.2.

Affected Version(s)

E-İmar 2.10.1.0 < 3.0.2

References

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/...
government-resource

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mehmet Akif KUBUR
.