Description
Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore Enterprise database.
Published: 2026-03-12
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: SQL injection leading to unauthorized database modifications
Action: Apply Patch
AI Analysis

Impact

Anchore Enterprise versions prior to 5.25.1 contain a flaw in the GraphQL Reports API that allows an attacker with valid authentication to inject and execute arbitrary SQL statements against the system database. This injection can modify, delete, or exfiltrate data stored within Anchore, thereby compromising data integrity and confidentiality.

Affected Systems

The vulnerability applies to Anchore Enterprise deployments using any version earlier than 5.25.1. The affected component is the GraphQL Reports API service that processes authenticated user requests.

Risk and Exploitability

The flaw has a CVSS score of 8.5, indicating high impact, while the EPSS score is less than 1%, suggesting a low probability of current exploitation. It is not listed in the CISA KEV catalog. Exploitation requires authenticated access to the GraphQL API, so the realistic threat comes from legitimate users with API access or from compromised accounts within the network.

Generated by OpenCVE AI on March 18, 2026 at 15:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Anchore Enterprise patch released in version 5.25.1 or later.

Advisories

No advisories yet.

History

Fri, 13 Mar 2026 13:15:00 +0000

Type    | Values Removed | Values Added
Metrics | (none)         | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 12 Mar 2026 21:30:00 +0000

Type                | Values Removed | Values Added
Description         | (none)         | Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore Enterprise database.
Title               | (none)         | Anchore Enterprise GraphQL Reports API SQL injection
First Time appeared | (none)         | Anchore; Anchore anchore
Weaknesses          | (none)         | CWE-89
CPEs                | (none)         | cpe:2.3:a:anchore:anchore:*:*:*:*:enterprise:*:*:*
Vendors & Products  | (none)         | Anchore; Anchore anchore
References          | (none)         | (none)
Metrics             | (none)         | cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}
Metrics             | (none)         | cvssV4_0: {'score': 8.5, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-13T13:08:47.633Z

Reserved: 2026-01-28T21:47:35.121Z

Link: CVE-2026-25076

Vulnrichment

Updated: 2026-03-13T13:08:41.365Z

NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:18.827

Modified: 2026-03-16T14:54:11.293

Link: CVE-2026-25076

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T10:00:23Z

Weaknesses