CVE-2026-56287
CVE-2026-56287 describes a boolean-based SQL Injection in Apache Fineract’s Client Search API (GET /api/v1/clients) affecting versions up to 1.14.0. The vulnerability arises from the orderBy and sortOrder parameters being concatenated into a SQL query without sufficient validation, enabling an au...