Cyber Posture

CVE-2026-21856

Severity: High · Public PoC

Published: 07 January 2026
Modified: 03 February 2026
KEV Added: not listed
Patch: available (commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8)
CVSS Score: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0005 (15.8th percentile)
Risk Priority: 14 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-21856 is a high-severity SQL Injection (CWE-89) vulnerability in Tarkov Tarkov Data Manager. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 15.8th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).

Threat & Defense Details

Likely Mitigating Controls (AI-generated)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-89: Penetration testing uses SQL injection payloads against database interfaces, identifying and supporting fixes for SQL injection weaknesses.

Addresses CWE-89: Validates query inputs to prevent SQL syntax or command manipulation.

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Direct mapping to exploitation of a vulnerable web/API application (SQL injection in webhook and scanner endpoints) allowing remote arbitrary query execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time-based blind SQL injection vulnerability in the webhook edit and scanner API endpoints allows an authenticated attacker to execute arbitrary SQL queries against the MySQL database. Commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8 contains a patch.

Deeper analysis (AI-generated)

CVE-2026-21856 is a time-based blind SQL injection vulnerability (CWE-89) in the Tarkov Data Manager, an open-source tool for managing item data related to the game Tarkov. The issue affects the webhook edit and scanner API endpoints in versions prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, enabling arbitrary SQL query execution against the backend MySQL database.

An authenticated attacker with high privileges (PR:H) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation grants high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) within the unchanged security scope (S:U), as reflected in the CVSS v3.1 base score of 7.2.

Mitigation is provided by upgrading to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8 or later, which patches the vulnerable endpoints. Further details on the vulnerability and fix are documented in the GitHub commit at https://github.com/the-hideout/tarkov-data-manager/commit/9bdb3a75a98a7047b6d70144eb1da1655d6992a8 and the security advisory at https://github.com/the-hideout/tarkov-data-manager/security/advisories/GHSA-4gcx-ghwc-rc78.

Details

CWE(s): CWE-89 (SQL Injection)

Affected Products

Vendor: tarkov
Product: tarkov data manager
Affected versions: ≤ 2026-01-02

CVEs Like This One

CVE-2026-21854 · Same product: Tarkov Tarkov Data Manager
CVE-2026-21855 · Same product: Tarkov Tarkov Data Manager
CVE-2026-3180 · Shared CWE-89
CVE-2025-1872 · Shared CWE-89
CVE-2026-32458 · Shared CWE-89
CVE-2026-24494 · Shared CWE-89
CVE-2025-26875 · Shared CWE-89
CVE-2026-26263 · Shared CWE-89
CVE-2026-30531 · Shared CWE-89
CVE-2025-7636 · Shared CWE-89