CVE-2026-12076
Severity CVSS v4.0:
CRITICAL
Type:
CWE-89
SQL Injection
Publication date:
30/06/2026
Last modified:
30/06/2026
Description
Raytha CMS is vulnerable to SQL Injection within the OData filter parsing pipeline. The vulnerability allows a remote, unauthenticated attacker to execute <br />
arbitrary SQL statements against the underlying PostgreSQL database, <br />
leading to full database compromise, including credential extraction.<br />
<br />
Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 1.5.2 but may also affect other versions.
Impact
Base Score 4.0
9.30
Severity 4.0
CRITICAL



