Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Delinea Cloud Suite allows Argument Injection. This issue affects Cloud Suite: before 25.2 HF1.
Published: 2026-02-19
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Potential Data Compromise via SQL Injection
Action: Patch Immediately
AI Analysis

Impact

This vulnerability arises from an improper neutralization of special elements used within SQL commands in Delinea Cloud Suite, allowing argument injection that can lead to unauthorized data access or modification. The weakness maps to CWE‑89, a flaw in input validation that enables attackers to craft malicious SQL statements. Such an injection could expose sensitive information or corrupt stored data.

Affected Systems

Affected are all instances of Delinea Cloud Suite running versions prior to 25.2 HF1. This includes any deployment of the Cloud Suite that has not been upgraded to the 25.2 HF1 release or later. No other vendors or product lines are listed as impacted.

Risk and Exploitability

The CVSS score of 9.3 identifies the flaw as critical, and although the EPSS score is less than 1%, indicating low exploitation probability, the vulnerability remains a high‑risk target for attackers seeking data exposure. The likely attack vector is through web or API interfaces that accept unsanitized user input used in database queries. The absence from CISA’s KEV catalog does not reduce the potential impact for exposed systems.

Generated by OpenCVE AI on April 17, 2026 at 18:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Delinea Cloud Suite to version 25.2 HF1 or later
  • Restrict the application’s database user to the minimum set of privileges necessary for normal operation
  • Implement input validation or WAF rules that detect and block SQL injection patterns

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 18:30:00 +0000

Type | Values Removed | Values Added
Title | | SQL Injection via Argument Injection in Delinea Cloud Suite up to 25.2

Sat, 21 Feb 2026 08:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 20 Feb 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Delinea; Delinea cloud Suite
Vendors & Products | | Delinea; Delinea cloud Suite

Thu, 19 Feb 2026 18:15:00 +0000

Type | Values Removed | Values Added
Description | | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Delinea Cloud Suite allows Argument Injection. This issue affects Cloud Suite: before 25.2 HF1.
Weaknesses | | CWE-89
References | |
Metrics | | cvssV4_0 {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Delinea

Published:

Updated: 2026-02-20T20:26:09.822Z

Reserved: 2026-02-12T14:56:45.684Z

Link: CVE-2026-2409

Vulnrichment

Updated: 2026-02-20T20:26:04.954Z

NVD

Status: Deferred

Published: 2026-02-19T18:25:00.633

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-2409

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T18:15:26Z

Weaknesses