CVE-2026-27847
Published: 25 February 2026
Summary
CVE-2026-27847 is a critical-severity SQL Injection (CWE-89) vulnerability in Syss (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 23.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-27847 is a SQL injection vulnerability (CWE-89) caused by improper neutralization of special elements in the TLS-SRP handshake process. This flaw allows SQL statements to be injected, enabling attackers to manipulate database interactions during authentication. The vulnerability affects MR9600 firmware version 1.0.4.205530 and MX4200 firmware version 1.0.13.210200, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical.
A remote, unauthenticated attacker can exploit this issue over the network with low complexity and no user interaction required. By injecting known credentials via the TLS-SRP handshake, the attacker can trick the database into validating them, successfully completing the handshake and gaining access to the protected service. This achieves high-impact confidentiality, integrity, and availability compromises.
The SYSS advisory at https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-009.txt provides further details on the vulnerability; security practitioners should consult it for recommended mitigations and any available patches.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-8649
Vulnerability details
Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be utilized to successfully complete the handshake and…
more
use the protected service. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated SQL injection in TLS-SRP authentication handshake of network-exposed firmware directly enables initial access via exploitation of a public-facing application/service.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SI-10 mandates validation and sanitization of inputs from external sources like the TLS-SRP handshake to prevent SQL injection by neutralizing special elements used in database queries.
SI-2 requires timely identification, reporting, and patching of flaws such as this SQL injection vulnerability in the affected MR9600 and MX4200 firmware.
RA-5 employs vulnerability scanning to identify SQL injection flaws in authentication processes like TLS-SRP handshakes and triggers remediation.