CVE-2026-25076

Anchore Enterprise ning 5.25.1 versiyasidan oldingi versiyalari GraphQL Reports API’sida SQL in’ektsiyasi zaifligini o‘z ichiga oladi. GraphQL API’siga kira oladigan autentifikatsiyalangan tajovuzkor o‘zboshimchalik bilan SQL ko‘rsatmalarini bajarishi mumkin, bu esa Anchore Enterprise ma’lumotlar bazasidagi ma’lumotlarga o‘zgartirishlar kiritishga olib keladi.

CVSS Vector

Manbalar

• https://anchore.com/platform/
• https://docs.anchore.com/current/docs/release_notes/enterprise/5251/
• https://www.vulncheck.com/advisories/anchore-enterprise-graphql-reports-api-sql-injection