Back to overview

CVE-2026-2397

CRITICAL
9.8
CVSS 3.1
Description
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows SQL Injection. This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Metadata

CVE ID
CVE-2026-2397
State
PUBLISHED
Assigner
TR-CERT
Reserved
2026-02-12 12:58 UTC
Published
2026-07-10 17:29 UTC
Last updated
2026-07-10 18:15 UTC
Primary CWE
CWE-89
CWE-89 Improper neutralization of special elements used in a…
Vendor / Product
Adam Retail Automation Ltd. / MobilMen 20T
Sources
cve.org  ·  NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC — CISA Coordinator
Exploitation
none
Automatable
yes
Tech. Impact
total
Affected products (1)
VendorProductPlatformVersions
Adam Retail Automation Ltd. MobilMen 20T v3 ≤ 10072026
Weakness (CWE)
CWESourceDescription
CWE-89 cna CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection')
CVSS scores (1)
ScoreSeverityVersionSourceVector
9.8 CRITICAL 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Back to overview