Description
SQL Injection affecting the Access Manager role.
Published: 2026-05-25
Score: 6.6 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

SQL Injection affecting the Access Manager role allows an attacker to execute arbitrary SQL statements against the database. The flaw is a classic injection point (CWE-89) that can result in unauthorized data disclosure or modification if exploited. Any sensitive information or system configuration values stored in the database could be accessed or altered by an attacker who can trigger the injection.

Affected Systems

Genetec Security Center from Genetec Inc. is affected. Specific product versions are not listed in the data, but the vulnerability is documented in the security update references for Security Center 5.12.2.17 and 5.13.3.5. No other vendors or products are reported.

Risk and Exploitability

The vulnerability has a CVSS score of 6.6, indicating a moderate severity level. The EPSS score is not available and the entry is not listed in the CISA KEV catalog, so the current exploitation probability is unclear. The likely attack vector involves the web-based Access Manager interface or API where role-based queries are constructed without proper input validation. If an attacker can reach this component, they can retrieve or modify data, compromising confidentiality and integrity of the system.

Generated by OpenCVE AI on May 25, 2026 at 17:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Genetec Security Center to version 5.12.2.17 or later, or to 5.13.3.5 or later as listed in the official security update documentation.
  • If upgrading immediately is not possible, temporarily revoke or limit the privileges of the Access Manager role to prevent exploitation until a patch is applied.
  • Review and refactor all database queries in the Access Manager component to use parameterized statements or prepared statements to eliminate injection vectors.
  • Implement monitoring on database logs for suspicious query patterns to detect potential abuse of the injection flaw.



Advisories

No advisories yet.

History

Mon, 25 May 2026 18:15:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Genetec; Genetec security Center

Type: Vendors & Products
Values Removed: (none)
Values Added: Genetec; Genetec security Center

Mon, 25 May 2026 17:45:00 +0000

Type: Title
Values Removed: (none)
Values Added: SQL Injection in Access Manager

Mon, 25 May 2026 16:30:00 +0000


MITRE

Status: PUBLISHED

Assigner: Genetec

Published:

Updated: 2026-05-25T15:39:31.278Z

Reserved: 2026-03-03T16:10:20.924Z

Link: CVE-2026-27768

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-25T18:00:15Z

Weaknesses