CVE-2026-25076

HIGH WAF: High

CVSS 7.3 Published: 2026-03-13

CWE-89

Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore Enterprise database.

WAF Coverage Analysis

SQL Injection High WAF Coverage

OWASP: A03:2021 Injection

942xxx - SQL Injection

References

anchore.com
docs.anchore.com
www.vulncheck.com

Back to CVE Database