Cyber Posture

CVE-2026-25076

High · Public PoC

Published: 13 March 2026

Modified: 15 April 2026
CVSS Score: 7.3 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0004 (11.2th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-25076 is a high-severity SQL Injection (CWE-89) vulnerability in Anchore Enterprise (inferred from references). Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Databases (T1213.006). The CVE ranks at the 11.2th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to Databases (T1213.006) and 1 other technique.

Threat & Defense Details

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-89

Penetration testing uses SQL injection payloads against database interfaces, identifying and supporting fixes for SQL injection weaknesses.

addresses: CWE-89

Validates query inputs to prevent SQL syntax or command manipulation.

MITRE ATT&CK Enterprise Techniques (AI)

T1213.006 Databases (tactic: Collection)
Adversaries may leverage databases to mine valuable information.

T1565.001 Stored Data Manipulation (tactic: Impact)
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.

Why these techniques?

SQL injection in the GraphQL API directly enables arbitrary database queries (collection from DB repositories) and data modifications (stored data manipulation).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore Enterprise database.

Deeper analysis (AI)

CVE-2026-25076 is an SQL injection vulnerability (CWE-89) in the GraphQL Reports API of Anchore Enterprise versions before 5.25.1. It allows an authenticated attacker with access to the GraphQL API to execute arbitrary SQL instructions, resulting in modifications to data in the Anchore Enterprise database. The vulnerability carries a CVSS v3.1 base score of 7.3 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) and was published on 2026-03-13T19:54:18.827.

An attacker requires low privileges (PR:L) and adjacent network access (AV:A) to exploit this with low complexity (AC:L) and no user interaction (UI:N). Successful exploitation enables arbitrary SQL execution, achieving high confidentiality (C:H) and integrity (I:H) impacts through data modifications, with no availability impact (A:N).

Anchore's release notes for version 5.25.1 address this issue, recommending upgrade to that version or later for mitigation. Additional details on the vulnerability and remediation are provided in advisories from Anchore and VulnCheck.

Details

CWE(s)

Affected Products

Anchore Enterprise (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2026-29187 (Shared CWE-89)
CVE-2026-2094 (Shared CWE-89)
CVE-2024-12016 (Shared CWE-89)
CVE-2026-30534 (Shared CWE-89)
CVE-2025-26346 (Shared CWE-89)
CVE-2026-39340 (Shared CWE-89)
CVE-2025-1134 (Shared CWE-89)
CVE-2025-27617 (Shared CWE-89)
CVE-2026-25746 (Shared CWE-89)
CVE-2025-22210 (Shared CWE-89)
