CVE-2026-49771
High
Published: 04 June 2026
Published
04 June 2026
Modified
04 June 2026
KEV Added
—
Patch
—
CVSS Score v3.1
7.6
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
EPSS Score
0.0023
13.1th percentile
Risk Priority
15
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2026-49771 is a high-severity SQL Injection (CWE-89) vulnerability. Its CVSS base score is 7.6 (High).
Operationally, ranked at the 13.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-34240
Vulnerability details
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41.
- CWE(s)
Related Threats
CVEs Like This One
CVE-2025-27263Shared CWE-89
CVE-2026-2468Shared CWE-89
CVE-2024-57031Shared CWE-89
CVE-2019-25455Shared CWE-89
CVE-2025-70152Shared CWE-89
CVE-2025-25387Shared CWE-89
CVE-2026-30995Shared CWE-89
CVE-2026-32422Shared CWE-89
CVE-2025-26535Shared CWE-89
CVE-2025-25064Shared CWE-89
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.