CVE-2026-2620
Published: 17 February 2026
Summary
CVE-2026-2620 is a medium-severity Injection (CWE-74) vulnerability. Its CVSS base score is 6.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 13.1st percentile for exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2026-2620 is a SQL injection vulnerability in the Huace Monitoring and Early Warning System version 2.2. The flaw affects an unknown functionality within the file /Web/SysManage/ProjectRole.aspx, where manipulation of the "ID" argument triggers the injection. This issue, linked to CWE-74 and CWE-89, was published on 2026-02-17.
The vulnerability can be exploited remotely by unauthenticated attackers with low attack complexity and no user interaction; its CVSS v3.1 base score is 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Successful SQL injection yields limited impact on confidentiality, integrity, and availability. A public exploit is available, increasing the risk of real-world attacks.
Advisories from VulDB and a GitHub repository detail the issue but note that the vendor was contacted early without any response. No patches, workarounds, or official mitigations are provided in the references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-7658
Vulnerability details
A weakness has been identified in Huace Monitoring and Early Warning System 2.2. Affected by this issue is some unknown functionality of the file /Web/SysManage/ProjectRole.aspx. Manipulation of the argument ID can lead to SQL injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SQL injection in a public-facing web application (/Web/SysManage/ProjectRole.aspx) directly enables remote unauthenticated exploitation of the web app, mapping to T1190 Exploit Public-Facing Application. Limited C/I/A impacts preclude reliable mapping to command execution, credential dumping, or data exfiltration techniques.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): requires validation and sanitization of untrusted inputs such as the ID parameter on ProjectRole.aspx, so that SQL injection payloads are rejected before they reach the database query.
- AC-6 (Least Privilege): limits the privileges of the database account used by the web application, so that a successful SQL injection yields only the limited confidentiality, integrity, and availability impact observed for this issue.
- Monitoring of web-application traffic and database queries to identify anomalous SQL syntax or error patterns that indicate injection attempts against the ID parameter.
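The following is an added example, not code from the advisory, VulDB, or the vendor, showing the input-validation control and the monitoring check above against the ID parameter of ProjectRole.aspx. Because the Huace application's code and schema are not public, it uses a constructed in-memory SQLite table (`ProjectRole` with `ID` and `Name` columns), a constructed combined-format access log, and hypothetical function names; only the page path and the parameter name come from the advisory.

```python
import re
import sqlite3
import urllib.parse

# Constructed stand-in for the vendor's data; the real Huace schema is not
# known from the advisory, only that ProjectRole.aspx takes an "ID" argument.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ProjectRole (ID INTEGER PRIMARY KEY, Name TEXT)")
    conn.executemany("INSERT INTO ProjectRole VALUES (?, ?)",
                     [(1, "admin"), (2, "operator"), (3, "viewer")])
    return conn

def lookup_role_vulnerable(conn, raw_id):
    """The defect class the advisory describes: the untrusted ID value is
    concatenated into the statement, so any SQL in it is executed."""
    sql = "SELECT Name FROM ProjectRole WHERE ID = " + raw_id
    return [row[0] for row in conn.execute(sql)]

ID_PATTERN = re.compile(r"\d{1,9}")  # assumption: the identifier is a small positive integer

def validate_id(raw_id):
    """SI-10: reject anything that is not a plain integer before it reaches the database."""
    if not ID_PATTERN.fullmatch(raw_id):
        raise ValueError("invalid ID parameter")
    return int(raw_id)

def lookup_role_hardened(conn, raw_id):
    """Validated input bound as a query parameter: the driver never parses it as SQL."""
    id_value = validate_id(raw_id)
    rows = conn.execute("SELECT Name FROM ProjectRole WHERE ID = ?", (id_value,))
    return [row[0] for row in rows]

def is_rejected(conn, raw_id):
    """True when the hardened path refuses the input instead of querying."""
    try:
        lookup_role_hardened(conn, raw_id)
    except ValueError:
        return True
    return False

# Detection side: flag requests to ProjectRole.aspx whose ID is not an integer.
# Combined-format access log lines, constructed for this example.
SAMPLE_LOG = [
    '10.0.0.5 - - [17/Feb/2026:10:00:01 +0000] "GET /Web/SysManage/ProjectRole.aspx?ID=42 HTTP/1.1" 200 512',
    '10.0.0.9 - - [17/Feb/2026:10:00:02 +0000] "GET /Web/SysManage/ProjectRole.aspx?ID=42%20OR%201%3D1 HTTP/1.1" 200 8192',
    '10.0.0.9 - - [17/Feb/2026:10:00:03 +0000] "GET /Web/SysManage/ProjectRole.aspx?ID=42%27 HTTP/1.1" 500 311',
    '10.0.0.7 - - [17/Feb/2026:10:00:04 +0000] "GET /Web/SysManage/Other.aspx?ID=x HTTP/1.1" 200 100',
]

LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) ')
TARGET_PATH = "/Web/SysManage/ProjectRole.aspx"

def flag_suspicious_requests(log_lines):
    """Return (client, decoded ID value, HTTP status) for every request to the
    affected page whose ID parameter fails the same integer check as validate_id."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urllib.parse.urlsplit(m.group("target"))
        if url.path != TARGET_PATH:
            continue  # only the page named in the advisory is in scope here
        params = urllib.parse.parse_qs(url.query, keep_blank_values=True)
        for raw in params.get("ID", []):
            if not ID_PATTERN.fullmatch(raw):
                findings.append((m.group("client"), raw, int(m.group("status"))))
    return findings

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_role_vulnerable(db, "1 OR 1=1"))  # every role row leaks
    print("hardened:  ", lookup_role_hardened(db, "1"))
    print("rejected:  ", is_rejected(db, "1 OR 1=1"))
    for client, value, status in flag_suspicious_requests(SAMPLE_LOG):
        print(f"suspicious ID from {client}: {value!r} (HTTP {status})")
```

The validation and the log check share one pattern on purpose: whatever the application refuses is exactly what the monitoring rule reports, so a run of 500 responses with non-numeric ID values on this path is worth investigating. The AC-6 control is a database-account configuration (granting the web application's login only the rights the page needs) and is not something an in-process SQLite example can show.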