CVE-2026-10731P2CRITICALCVSS 9.3v2.95.552026-06-09
CVE-2026-10731 [CRITICAL] CWE-89 CVE-2026-10731: SQL injection in the ‘two_steps_auth_code’ parameter processed by the ‘twoStepsAuthVerification’ fun
SQL injection in the ‘two_steps_auth_code’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication (2FA) functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queries on the backend database. A successful exploit
nvd