EUVD-2026-27482

🗓️ 05 May 2026 19:48:07Reported by EUVDType

Masa CMS JSON API altTable allows SQL injection in several versions; fixed later.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-40331	5 May 202619:48	–	attackerkb
Circl	CVE-2026-40331	5 May 202621:18	–	circl
CNNVD	Masa CMS SQL注入漏洞	5 May 202600:00	–	cnnvd
CVE	CVE-2026-40331	5 May 202619:48	–	cve
Cvelist	CVE-2026-40331 Masa CMS unauthenticated SQL injection via altTable parameter in JSON API	5 May 202619:48	–	cvelist
NVD	CVE-2026-40331	5 May 202620:16	–	nvd
Positive Technologies	PT-2026-37237	5 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-40331	5 Jun 202619:14	–	redhatcve
Vulnrichment	CVE-2026-40331 Masa CMS unauthenticated SQL injection via altTable parameter in JSON API	5 May 202619:48	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "fe407369-d990-3e4a-9fe4-295fe2a08e48",
        "vendor": {
          "name": "MasaCMS"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "064585b9-adf7-3b0f-ae61-29b43770c144",
        "product": {
          "name": "MasaCMS"
        },
        "product_version": "≤ 7.2.9"
      },
      {
        "id": "8adbe34d-1aed-3800-8bd7-5838b56f450d",
        "product": {
          "name": "MasaCMS"
        },
        "product_version": "7.5.0, ≤ 7.5.2"
      },
      {
        "id": "a11240f6-9acb-30f5-8019-6ba9aabb1770",
        "product": {
          "name": "MasaCMS"
        },
        "product_version": "7.3.0, ≤ 7.3.14"
      },
      {
        "id": "c3b298a9-9e8d-31d3-aaf4-81db03194741",
        "product": {
          "name": "MasaCMS"
        },
        "product_version": "7.4.0, ≤ 7.4.9"
      }
    ]
  }
]

Source	Link
github	www.github.com/MasaCMS/MasaCMS/security/advisories/GHSA-jphh-r686-6w7j

05 May 2026 19:48Current

5.9Medium risk

Vulners AI Score5.9

CVSS 49.3

EPSS0.0006