CVE-2026-24913

HIGH 8.8

CVSS Score

8.8

EPSS Score

0.0%

EPSS Percentile

9th

SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, information stored in the database may be obtained or altered by a user who can log in to the product.

Vendor	icz corporation
Product	matcha invoice
Published	Apr 8, 2026
Last Updated	Apr 8, 2026

Stay Ahead of the Next One

Get instant alerts for icz corporation matcha invoice

Be the first to know when new high vulnerabilities affecting icz corporation matcha invoice are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Versions

ICZ Corporation / MATCHA INVOICE

2.6.6 and earlier

References

NVD ↗ CVE.org ↗ EPSS Data ↗

oss.icz.co.jp: https://oss.icz.co.jp/news/?p=1386 jvn.jp: https://jvn.jp/en/jp/JVN33581068/