CVE-2026-5575
Published: 05 April 2026
Summary
CVE-2026-5575 is a medium-severity Injection (CWE-74) vulnerability. Its CVSS base score is 6.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 12.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-5575, published on 2026-04-05, is a SQL injection vulnerability (CWE-74, CWE-89) in SourceCodester/jkev Record Management System 1.0. The issue affects an unknown functionality within the index.php file of the Login component, where manipulation of the Username argument enables SQL injection.
Attackers can exploit this vulnerability remotely without authentication or user interaction, as indicated by its CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Exploitation allows limited impacts on confidentiality, integrity, and availability through SQL injection.
Advisories referenced in VulDB entries (vuldb.com/vuln/355345, vuldb.com/submit/783472) and a GitHub repository (github.com/whatyourname12345/CVE/blob/main/PRMS/cve_SQL.md) document the issue, with the exploit now public and available for use. No specific patches or mitigations are detailed in the available information.
The public availability of the exploit increases the risk of real-world exploitation against unpatched instances of the affected software.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-19099
Vulnerability details
A vulnerability was detected in SourceCodester/jkev Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument Username results in sql injection. The attack may be…
more
launched remotely. The exploit is now public and may be used.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a remote SQL injection vulnerability in the login component of a web-based Record Management System, directly enabling exploitation of a public-facing application without authentication.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Prevents SQL injection attacks by enforcing input validation mechanisms on the Username parameter in the login functionality of index.php.
Remediates the specific SQL injection flaw in the SourceCodester/jkev Record Management System 1.0 login component through timely patching or code correction.
Detects the SQL injection vulnerability via vulnerability scanning of the affected web application.