Anchore Enterprise SQL Injection Vulnerability in GraphQL Reports API

Vulnerability

A SQL injection vulnerability has been identified in the GraphQL Reports API of Anchore Enterprise, affecting versions prior to 5.25.1. This vulnerability allows authenticated attackers with access to the GraphQL API to execute arbitrary SQL commands, potentially leading to unauthorized modifications of data in the Anchore Enterprise database.

Impact

An authenticated attacker who exploits this vulnerability can inject SQL, with the potential to alter database contents.

Remediation

Users can upgrade to Anchore Enterprise version 5.25.1 or later to address this vulnerability.

Added: Mar 13, 2026, 7:58 PM
Updated: Mar 13, 2026, 7:58 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 0.6
exploitability: 4.9
remediation: 7.7
relevance: 4.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.