Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
Huace Monitoring and Early Warning System 2.2: SQL injection risk via malicious input
CVE-2026-2620
Summary
An unknown feature in Huace Monitoring and Early Warning System 2.2 can be exploited by entering malicious data, potentially allowing an attacker to access sensitive data without permission. This issue affects the security of the system and could be used by attackers. The vendor has not responded to a notification about this issue, so users should be cautious and consider taking steps to protect themselves.
Original title
A weakness has been identified in Huace Monitoring and Early Warning System 2.2. Affected by this issue is some unknown functionality of the file /Web/SysManage/ProjectRole.aspx. Executing a manipu...
Original description
A weakness has been identified in Huace Monitoring and Early Warning System 2.2. Affected by this issue is some unknown functionality of the file /Web/SysManage/ProjectRole.aspx. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
7.5
nvd CVSS3.1
7.3
nvd CVSS4.0
6.9
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026