CVE-2026-24913

HIGH CVSS 8.8 View on NVD ↗

Description

SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, information stored in the database may be obtained or altered by a user who can log in to the product.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

https://jvn.jp/en/jp/JVN33581068/
https://oss.icz.co.jp/news/?p=1386

Published: Apr 08, 2026 06:16 UTC Modified: Apr 08, 2026 21:26 UTC