Home / Vulnerability Intelligence / CVE-2026-34747

CVE-2026-34747 - Vulnerability Analysis

HighCVSS: 8.5

Last Updated: April 3, 2026

Payload - SQL Injection

Published: April 1, 2026Updated: April 3, 2026Remote Exploitable

Overview

Payload < 3.79.1 contains a SQL injection caused by improper validation of certain request inputs, letting attackers expose or modify data in collections, exploit requires crafted requests.

Severity & Score

Severity: High

CVSS Score: 8.5

EPSS Score: 4.8%(Probability of exploitation in next 30 days)

Impact

Attackers can expose or modify data in collections, potentially compromising data integrity and confidentiality.

Mitigation

Update to version 3.79.1 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Apr 2, 2026

🟠 CVE-2026-34747 - High (8.5) Payload is a free and open source headless content management system. Prior to version 3.79.1, certain request inputs were not properly validated. An attacker could craft requests that influence SQL query execution, potentially exposing or modifyi... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34747/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-34747
Severity: High
CVSS Score: 8.5
Type: sql_injection
Status: unconfirmed
EPSS: 4.8%
Social Posts: 1

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

EPSS Score

4.8%Probability of exploitation in the next 30 days