{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25947", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-09T17:13:54.064Z", "datePublished": "2026-02-10T17:32:56.224Z", "dateUpdated": "2026-02-10T19:26:19.859Z"}, "containers": {"cna": {"title": "Worklenz Boolean-Based Blind SQL Injection via Improper ORDER BY Clause Input Validation", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/Worklenz/worklenz/security/advisories/GHSA-f2f8-2ppj-85pf", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Worklenz/worklenz/security/advisories/GHSA-f2f8-2ppj-85pf"}, {"name": "https://github.com/Worklenz/worklenz/commit/76e5cb0f5dd566fb65586cd3db30ee951c92a32b", "tags": ["x_refsource_MISC"], "url": "https://github.com/Worklenz/worklenz/commit/76e5cb0f5dd566fb65586cd3db30ee951c92a32b"}, {"name": "https://github.com/Worklenz/worklenz/releases/tag/v2.1.7", "tags": ["x_refsource_MISC"], "url": "https://github.com/Worklenz/worklenz/releases/tag/v2.1.7"}], "affected": [{"vendor": "Worklenz", "product": "worklenz", "versions": [{"version": "< 2.1.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-10T17:32:56.224Z"}, "descriptions": [{"lang": "en", "value": "Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocation and scheduling features. The vulnerability has been patched in version v2.1.7."}], "source": {"advisory": "GHSA-f2f8-2ppj-85pf", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-10T19:26:10.012909Z", "id": "CVE-2026-25947", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T19:26:19.859Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25947", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-10T19:26:10.012909Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T19:25:45.460Z"}}], "cna": {"title": "Worklenz Boolean-Based Blind SQL Injection via Improper ORDER BY Clause Input Validation", "source": {"advisory": "GHSA-f2f8-2ppj-85pf", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Worklenz", "product": "worklenz", "versions": [{"status": "affected", "version": "< 2.1.7"}]}], "references": [{"url": "https://github.com/Worklenz/worklenz/security/advisories/GHSA-f2f8-2ppj-85pf", "name": "https://github.com/Worklenz/worklenz/security/advisories/GHSA-f2f8-2ppj-85pf", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Worklenz/worklenz/commit/76e5cb0f5dd566fb65586cd3db30ee951c92a32b", "name": "https://github.com/Worklenz/worklenz/commit/76e5cb0f5dd566fb65586cd3db30ee951c92a32b", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/Worklenz/worklenz/releases/tag/v2.1.7", "name": "https://github.com/Worklenz/worklenz/releases/tag/v2.1.7", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocation and scheduling features. The vulnerability has been patched in version v2.1.7."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-10T17:32:56.224Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25947", "state": "PUBLISHED", "dateUpdated": "2026-02-10T19:26:19.859Z", "dateReserved": "2026-02-09T17:13:54.064Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-10T17:32:56.224Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:worklenz:worklenz:*:*:*:*:*:*:*:*", "matchCriteriaId": "C488A1A0-AD25-4AF0-B022-3F30C5F88BEC", "versionEndExcluding": "2.1.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocation and scheduling features. The vulnerability has been patched in version v2.1.7."}, {"lang": "es", "value": "Worklenz es una herramienta de gesti\u00f3n de proyectos. Antes de 2.1.7, se descubrieron m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en la construcci\u00f3n de consultas SQL del backend que afectaban a los controladores de gesti\u00f3n de proyectos y tareas, a los puntos finales de datos financieros y de informes, a los manejadores de socket.io en tiempo real, y a las caracter\u00edsticas de asignaci\u00f3n y programaci\u00f3n de recursos. La vulnerabilidad ha sido parcheada en la versi\u00f3n v2.1.7."}], "id": "CVE-2026-25947", "lastModified": "2026-02-23T17:57:18.470", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-10T18:16:38.423", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/Worklenz/worklenz/commit/76e5cb0f5dd566fb65586cd3db30ee951c92a32b"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/Worklenz/worklenz/releases/tag/v2.1.7"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Patch", "Vendor Advisory"], "url": "https://github.com/Worklenz/worklenz/security/advisories/GHSA-f2f8-2ppj-85pf"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.1.7)"}}], "product": "worklenz", "vendor": "worklenz"}], "analysis": {"en": {"generated_at": "2026-04-17T20:44:19.653214+00:00", "value": {"mitigation_remediation": ["Upgrade Worklenz to version 2.1.7 or later to apply the vendor patch.", "If an upgrade cannot be performed immediately, deploy a web application firewall rule that blocks suspicious ORDER BY syntax or keywords associated with SQL injection.", "Ensure that the database account used by Worklenz has the minimal required privileges, limiting it to read\u2011only operations wherever possible to reduce the impact of any remaining injection vectors."], "summary": {"action": "Immediate Patch", "impact": "Data Confidentiality Compromise"}, "threat_synthesis": {"affected_systems": "All installations of Worklenz prior to version 2.1.7 are affected. The issue was present in the client\u2019s backend handling of project and task management controllers, reporting and financial data endpoints, real\u2011time socket.io handlers, and resource allocation and scheduling features. The vendor released a fix in Worklenz v2.1.7, which addresses all identified injection vectors.", "description_and_impact": "The vulnerability is a Boolean\u2011based blind SQL injection that arises from the application\u2019s failure to properly validate input used in ORDER BY clauses. This flaw allows an attacker to craft queries that return true or false responses, enabling iterative enumeration of database contents and the potential alteration of sensitive data. The injection is not limited to a single endpoint; it spans project and task management, reporting and financial data, socket.io handlers, and resource allocation features. The impact is significant because it can reveal confidential project information, financial records, and real\u2011time operational data to an adversary.", "risk_and_exploitability": "The CVSS score of 8.8 indicates high severity. The EPSS score is below 1\u202f%, signifying a low likelihood of exploitation in the wild, though the vulnerability remains publicly documented and not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote via a web interface that accepts ORDER BY parameters. Exploitation would allow attackers to extract or modify data stored in the Worklenz database, potentially leading to a breach of confidentiality, integrity, or availability of project information."}}}}, "created": "2026-02-10T21:41:57.245592+00:00", "updated": "2026-04-17T20:45:25.774977+00:00", "vendors": ["worklenz", "worklenz$PRODUCT$worklenz"]}