Cyber Posture

CVE-2026-6562

High

Published: 19 April 2026

Published
19 April 2026
Modified
22 April 2026
KEV Added
Patch
CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0004 11.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-6562 is a high-severity Injection (CWE-74) vulnerability in Github (inferred from references). Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 11.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly prevents SQL injection by requiring validation of the manipulable 'keyword' argument in the getListByPage function of /index/Search/index.html.

SI-2 Flaw Remediation good match
prevent

Requires timely identification, reporting, and correction of the SQL injection flaw in dameng100 muucmf 1.9.5.20260309 to mitigate exploitation.

RA-5 Vulnerability Monitoring and Scanning partial match
detect

Enables vulnerability scanning to identify SQL injection issues like CVE-2026-6562 in hosted web applications for subsequent remediation.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

SQL injection in public-facing web app directly enables T1190 Exploit Public-Facing Application for remote unauthenticated access and arbitrary SQL execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql injection. The attack may be performed from remote. The exploit has…

more

been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysisAI

CVE-2026-6562 is a SQL injection vulnerability in the dameng100 muucmf version 1.9.5.20260309. The flaw affects the getListByPage function within the file /index/Search/index.html, where manipulation of the keyword argument enables arbitrary SQL code execution.

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity, as indicated by its CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Successful exploitation can result in limited impacts to confidentiality, integrity, and availability, potentially allowing unauthorized data access, modification, or disruption.

Advisories from VulDB detail the issue and note that an exploit has been publicly disclosed, including a proof-of-concept on GitHub. The vendor was contacted early regarding disclosure but provided no response, and no patches or mitigations are mentioned in available references.

The exploit's publication increases the risk of active use against unpatched instances of this software.

Details

CWE(s)
CWE-74CWE-89

Affected Products

Github
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-4844Shared CWE-74, CWE-89
CVE-2025-0698Shared CWE-74, CWE-89
CVE-2026-3790Shared CWE-74, CWE-89
CVE-2026-5813Shared CWE-74, CWE-89
CVE-2026-3406Shared CWE-74, CWE-89
CVE-2026-3151Shared CWE-74, CWE-89
CVE-2025-1809Shared CWE-74, CWE-89
CVE-2025-1464Shared CWE-74, CWE-89
CVE-2026-6189Shared CWE-74, CWE-89
CVE-2025-2088Shared CWE-74, CWE-89

References