Description
A vulnerability was identified in wbbeyourself MAC-SQL up to 31a9df5e0d520be4769be57a4b9022e5e34a14f4. This affects the function _execute_sql of the file core/agents.py of the component Refiner Agent. The manipulation leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-05
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL Injection
Action: Immediate Patch
AI Analysis

Impact

The flaw resides in the _execute_sql method of the Refiner Agent component of wbbeyourself MAC‑SQL. Malicious input can be injected into the SQL query, allowing an attacker to manipulate database commands. This vulnerability directly leads to unauthorized data modification or retrieval, potentially exposing sensitive information or disrupting database integrity. The associated weaknesses are represented by CWE‑89 (SQL Injection) and CWE‑74 (HTML Injection).

Affected Systems

All installations of wbbeyourself MAC‑SQL up to the commit 31a9df5e0d520be4769be57a4b9022e5e34a14f4 are susceptible. The product follows a rolling release model, so affected versions are identified only by the last known compromised commit, and no specific release is listed as fixed.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, yet the attack is remotely exploitable and publicly available, raising the risk profile. EPSS data is missing, but the presence of a public exploit suggests a higher likelihood of real‑world attacks. The vulnerability is not listed in CISA’s KEV catalog, yet the combination of remote access and unauthenticated injection presents a significant threat if left unmitigated.

Generated by OpenCVE AI on April 5, 2026 at 20:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update MAC‑SQL to a commit newer than 31a9df5e0d520be4769be57a4b9022e5e34a14f4 once a fix is released or back‑port the safety changes from the latest source.
  • Restrict network access to the Refiner Agent endpoint, allowing connections only from trusted hosts or IP ranges.
  • Validate and sanitize all user inputs before they are passed to _execute_sql, ensuring that query strings cannot be manipulated.
  • Monitor database logs for anomalous or unexpected queries and alert security teams to potential exploitation attempts.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 07:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 07 Apr 2026 00:00:00 +0000

Type: First Time appeared
Values Added: Wbbeyourself; Wbbeyourself mac-sql

Type: Vendors & Products
Values Added: Wbbeyourself; Wbbeyourself mac-sql

Sun, 05 Apr 2026 18:15:00 +0000

Type: Description
Values Added: (identical to the Description at the top of this page)

Type: Title
Values Added: wbbeyourself MAC-SQL Refiner Agent agents.py _execute_sql sql injection

Type: Weaknesses
Values Added: CWE-74; CWE-89

Type: References

Type: Metrics
Values Added:
  cvssV2_0 {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
  cvssV3_0 {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV3_1 {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-07T02:55:40.552Z

Reserved: 2026-04-04T21:50:09.591Z

Link: CVE-2026-5587

Vulnrichment

Updated: 2026-04-07T02:55:36.436Z

NVD

Status: Awaiting Analysis

Published: 2026-04-05T19:17:05.213

Modified: 2026-04-07T13:20:35.010

Link: CVE-2026-5587

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:56:26Z

Weaknesses