CVE-2026-25076

HIGH 7.3

Anchore Enterprise GraphQL Reports API SQL injection

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

0th

Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore Enterprise database.

CWE	CWE-89
Vendor	anchore
Product	anchore enterprise
Published	Mar 12, 2026
Last Updated	Mar 13, 2026

Stay Ahead of the Next One

Get instant alerts for anchore anchore enterprise

Be the first to know when new high vulnerabilities affecting anchore anchore enterprise are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Affected Versions

Anchore / Anchore Enterprise

0 < 5.25.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

docs.anchore.com: https://docs.anchore.com/current/docs/release_notes/enterprise/5251/ anchore.com: https://anchore.com/platform/ vulncheck.com: https://www.vulncheck.com/advisories/anchore-enterprise-graphql-reports-api-sql-injection

Credits

Andrew Van Fleteren