SQLi in CMS ALAYA 7.4.1.4 or earlier via admin interface
CVE-2026-40529 Published on April 23, 2026

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface.

NVD

Weakness Type

What is a SQL Injection Vulnerability?

The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

CVE-2026-40529 has been classified to as a SQL Injection vulnerability or weakness.

Affected Versions

KANATA Limited CMS ALAYA Version 7.4.1.4 and earlier is affected by CVE-2026-40529

SQLi in CMS ALAYA 7.4.1.4 or earlier via admin interfaceCVE-2026-40529 Published on April 23, 2026

Weakness Type

What is a SQL Injection Vulnerability?

Affected Versions

SQLi in CMS ALAYA 7.4.1.4 or earlier via admin interface
CVE-2026-40529 Published on April 23, 2026