CVE-2026-2584

UNKNOWN 0.0

SQL Injection in Ciser System SL firmware

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence of specific requirements (AT:N), the vulnerability allows for a total compromise of the system's configuration data (VC:H/VI:H). While the availability of the service remains unaffected (VA:N), the breach may lead to a limited exposure of sensitive information regarding subsequent or interconnected systems (SC:L).

CWE	CWE-89
Vendor	ciser system sl
Product	csip firmware
Published	Mar 2, 2026
Last Updated	Mar 2, 2026

Stay Ahead of the Next One

Get instant alerts for ciser system sl csip firmware

Be the first to know when new unknown vulnerabilities affecting ciser system sl csip firmware are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Ciser System SL / CSIP firmware

3.0 to 5.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

incibe.es: https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-ciser-system-sl-firmware