Auth SQLi Exec Arbitrary Cmd via Interface
CVE-2026-6888 Published on May 13, 2026

SQL Injection Vulnerability
Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database.

NVD

Vulnerability Analysis

CVE-2026-6888 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
HIGH
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is a SQL Injection Vulnerability?

The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

CVE-2026-6888 has been classified to as a SQL Injection vulnerability or weakness.


Products Associated with CVE-2026-6888

stack.watch emails you whenever new vulnerabilities are published in Advantech Webaccessscada or Advantech Webaccess. Just hit a watch button to start following.

Advantech Webaccessscada
 
Advantech Webaccess
 

Affected Versions

Advantech SaaS Composer: Advantech IoTSuite Growth Linux docker: Advantech IoTSuite Starter Linux docker: Advantech IoT Edge Linux docker: Advantech IoT Edge Windows: Advantech WebAccess/SCADA: Advantech WebAccess SaaS-Composer: Advantech ECOWatch SaaS-Composer: