LeakyCreds

CVE-2026-35168 - Vulnerability Analysis

High | CVSS: 8.8

Last Updated: April 3, 2026

OpenSTAManager - SQL Injection

Published: April 2, 2026 | Updated: April 3, 2026 | Remote Exploitable

Overview

OpenSTAManager versions before 2.10.2 contain a SQL injection vulnerability in the Aggiornamenti module, which executes a JSON array of SQL statements without sanitization. This lets authenticated attackers execute arbitrary SQL commands.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 6.1% (Probability of exploitation in next 30 days)

Impact

Authenticated attackers can execute arbitrary SQL commands, leading to full database compromise and data manipulation.

Mitigation

Update to version 2.10.2 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Apr 4, 2026

🟠 CVE-2026-35168 - High (8.8) OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti (Updates) module in OpenSTAManager contains a database conflict resolution feature (op=risolvi-conflitti-databa... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35168/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-35168
Severity: High
CVSS Score: 8.8
Type: sql_injection
Status: unconfirmed
EPSS: 6.1%
Social Posts: 1

CWE

  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

6.1% (Probability of exploitation in the next 30 days)