CVE-2026-25947
Published: 10 February 2026
Summary
CVE-2026-25947 is a high-severity SQL Injection (CWE-89) vulnerability in Worklenz Worklenz. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-25947 is a set of multiple SQL injection vulnerabilities (CWE-89) in the Worklenz project management tool, affecting versions prior to 2.1.7. These flaws stem from improper backend SQL query construction and impact several components, including project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocation and scheduling features. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant data compromise.
An attacker with low-privilege authenticated access (PR:L), such as a standard project user, can exploit these SQL injections over the network (AV:N) with low complexity (AC:L) and no user interaction required (UI:N). Successful exploitation enables arbitrary SQL query execution, granting high-impact confidentiality (C:H), integrity (I:H), and availability (A:H) violations, such as extracting sensitive project data, modifying tasks or financial records, deleting resources, or disrupting real-time features.
Mitigation is available via the patch in Worklenz version v2.1.7, as detailed in the project's GitHub security advisory (GHSA-f2f8-2ppj-85pf), release notes (https://github.com/Worklenz/worklenz/releases/tag/v2.1.7), and the fixing commit (https://github.com/Worklenz/worklenz/commit/76e5cb0f5dd566fb65586cd3db30ee951c92a32b). Security practitioners should urge immediate upgrades for affected deployments and review access controls to limit low-privilege user exposure.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-6752
Vulnerability details
Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocation and…
more
scheduling features. The vulnerability has been patched in version v2.1.7.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in network-accessible web app (Worklenz) directly enables exploitation of public-facing applications for arbitrary query execution and data impact.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly and comprehensively prevents SQL injection by enforcing input validation mechanisms at all affected backend endpoints, controllers, and handlers to block malicious query construction.
Addresses this specific CVE by requiring timely flaw remediation through patching to version 2.1.7, which fixes the improper SQL query construction in multiple components.
Identifies SQL injection vulnerabilities like those in project management controllers and financial endpoints via regular automated vulnerability scanning.