CVE-2026-2161

Medium · Public PoC

Published: 08 February 2026
Modified: 10 February 2026
CVSS Score v4: 6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0039 (30.2nd percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-2161 is a medium-severity Injection (CWE-74) vulnerability in Clive 21 Directory Management System. Its CVSS v4 base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 30.2nd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2026-2161 is a SQL injection vulnerability (CWE-74, CWE-89) in the itsourcecode Directory Management System version 1.0. The flaw resides in an unknown functionality of the file /admin/forget-password.php, where manipulation of the "email" argument triggers the injection. Published on 2026-02-08, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and is remotely exploitable.

Attackers require no privileges or user interaction and can exploit it over the network with low complexity. Successful exploitation enables low-level impacts on confidentiality, integrity, and availability, such as unauthorized data access, modification, or denial of service via injected SQL queries. An exploit has been made public, increasing the risk for exposed instances.

Advisories are documented in VulDB entries (ctiid.344863, id.344863, submit.751082) and a GitHub issue at github.com/Wzl731/test/issues/1, along with the vendor site itsourcecode.com. No specific patches or mitigations are detailed in the provided references.


Vulnerability details

A vulnerability was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-password.php. The manipulation of the argument email results in SQL injection. The attack can be launched remotely. The exploit has been made public and could be used.


Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct remote exploitation of a public-facing web application via SQL injection in a PHP script, matching T1190 exactly with no auth or interaction required.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-1688 · Same product: Clive 21 Directory Management System
CVE-2026-3135 · Same vendor: Clive 21
CVE-2026-3164 · Same vendor: Clive 21
CVE-2026-3134 · Same vendor: Clive 21
CVE-2026-2162 · Same vendor: Clive 21
CVE-2026-2225 · Same vendor: Clive 21
CVE-2026-2116 · Shared CWE-74, CWE-89
CVE-2025-15436 · Shared CWE-74, CWE-89
CVE-2026-6148 · Shared CWE-74, CWE-89
CVE-2026-3792 · Shared CWE-74, CWE-89

Affected Assets

clive 21 · directory management system · 1.0

Mitigating Controls (NIST 800-53 r5)

prevent

Directly requires validation of the email input parameter in forget-password.php to reject SQL syntax and thereby block the injection described in CVE-2026-2161.

prevent, detect

Boundary-protection mechanisms such as a WAF can inspect and drop HTTP requests containing SQL metacharacters targeting /admin/forget-password.php before they reach the vulnerable code.

detect

Continuous monitoring of application and database logs can identify anomalous SQL syntax or error patterns originating from the email field, enabling detection of exploitation attempts.
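
One way to implement the log-monitoring control above, as an added example that is not part of the original advisory or the affected product: it reviews requests to /admin/forget-password.php and flags any `email` value that is not email-shaped. The JSON-lines audit-log format, its field names (`src`, `path`, `params`), the `/index.php` path and all sample events are assumptions constructed for illustration.

```python
import json
import re
from collections import Counter
from urllib.parse import unquote_plus

TARGET_PATH = "/admin/forget-password.php"  # endpoint named in the advisory

# Conservative allow-list for the email field; anything outside it is reviewed.
EMAIL_OK = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}\.[A-Za-z]{2,24}")
# SQL syntax markers, used only to label why a value was flagged.
SQL_HINTS = re.compile(r"['\";#]|--|/\*|\b(?:union|select|sleep|or|and)\b", re.I)

# Constructed sample events (hypothetical JSON-lines audit log, not real traffic).
SAMPLE_LOG = [
    '{"src": "198.51.100.7", "path": "/admin/forget-password.php", "params": {"email": "admin@example.org"}}',
    '{"src": "198.51.100.8", "path": "/admin/forget-password.php", "params": {"email": "user%40example.org"}}',
    '{"src": "203.0.113.45", "path": "/admin/forget-password.php", "params": {"email": "x%27+OR+%271%27%3D%271"}}',
    '{"src": "203.0.113.45", "path": "/index.php", "params": {"email": "x%27+OR+%271%27%3D%271"}}',
    '{"src": "198.51.100.12", "path": "/admin/forget-password.php", "params": {"email": "not-an-email"}}',
    'truncated or corrupt line',
]

def review(lines):
    """Flag requests to TARGET_PATH whose email value is not email-shaped."""
    findings = []
    for lineno, raw in enumerate(lines, 1):
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # unparseable lines are skipped, not fatal
        if not isinstance(event, dict):
            continue
        params = event.get("params")
        if str(event.get("path", "")).split("?")[0] != TARGET_PATH or not isinstance(params, dict):
            continue
        if "email" not in params:
            continue
        value = unquote_plus(str(params["email"]))  # undo form encoding once
        if EMAIL_OK.fullmatch(value):
            continue
        reason = "sql-syntax" if SQL_HINTS.search(value) else "malformed"
        findings.append({"line": lineno, "src": event.get("src"), "reason": reason, "email": value})
    return findings

def sources(findings):
    """Count flagged requests per source address, for alert thresholds."""
    return Counter(f["src"] for f in findings)

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

The allow-list is deliberately stricter than the email grammar, so a legitimate address containing an apostrophe is flagged too; treat findings as triage leads rather than confirmed exploitation.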
