{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5587", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-04T21:50:09.591Z", "datePublished": "2026-04-05T18:15:11.425Z", "dateUpdated": "2026-04-07T02:55:40.552Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-05T18:15:11.425Z"}, "title": "wbbeyourself MAC-SQL Refiner Agent agents.py _execute_sql sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "SQL Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "wbbeyourself", "product": "MAC-SQL", "versions": [{"version": "31a9df5e0d520be4769be57a4b9022e5e34a14f4", "status": "affected"}], "modules": ["Refiner Agent"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in wbbeyourself MAC-SQL up to 31a9df5e0d520be4769be57a4b9022e5e34a14f4. This affects the function _execute_sql of the file core/agents.py of the component Refiner Agent. The manipulation leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-04T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-04T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-04T23:55:14.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Goku (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/355386", "name": "VDB-355386 | wbbeyourself MAC-SQL Refiner Agent agents.py _execute_sql sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/355386/cti", "name": "VDB-355386 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/784459", "name": "Submit #784459 | MAC-SQL The latest version SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Ka7arotto/cve/blob/main/MAC-SQL/issue.md", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T02:55:27.143558Z", "id": "CVE-2026-5587", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T02:55:40.552Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in wbbeyourself MAC-SQL up to 31a9df5e0d520be4769be57a4b9022e5e34a14f4. This affects the function _execute_sql of the file core/agents.py of the component Refiner Agent. The manipulation leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2026-5587", "lastModified": "2026-04-05T19:17:05.213", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-05T19:17:05.213", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/Ka7arotto/cve/blob/main/MAC-SQL/issue.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/784459"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/355386"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/355386/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "31a9df5e0d520be4769be57a4b9022e5e34a14f4"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "MAC-SQL", "source": "cna", "vendor": "wbbeyourself"}, "product": "mac-sql", "vendor": "wbbeyourself"}], "analysis": {"en": {"generated_at": "2026-04-05T20:20:14.641932+00:00", "value": {"mitigation_remediation": ["Update MAC\u2011SQL to a commit newer than 31a9df5e0d520be4769be57a4b9022e5e34a14f4 once a fix is released or back\u2011port the safety changes from the latest source.", "Restrict network access to the Refiner Agent endpoint, allowing connections only from trusted hosts or IP ranges.", "Validate and sanitize all user inputs before they are passed to _execute_sql, ensuring that query strings cannot be manipulated.", "Monitor database logs for anomalous or unexpected queries and alert security teams to potential exploitation attempts."], "summary": {"action": "Immediate Patch", "impact": "Remote SQL Injection"}, "threat_synthesis": {"affected_systems": "All installations of wbbeyourself MAC\u2011SQL up to the commit 31a9df5e0d520be4769be57a4b9022e5e34a14f4 are susceptible. The product follows a rolling release model, so affected versions are identified only by the last known compromised commit, and no specific release is listed as fixed.", "description_and_impact": "The flaw resides in the _execute_sql method of the Refiner Agent component of wbbeyourself MAC\u2011SQL. Malicious input can be injected into the SQL query, allowing an attacker to manipulate database commands. This vulnerability directly leads to unauthorized data modification or retrieval, potentially exposing sensitive information or disrupting database integrity. The associated weaknesses are represented by CWE\u201189 (SQL Injection) and CWE\u201174 (HTML Injection).", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity, yet the attack is remotely exploitable and publicly available, raising the risk profile. EPSS data is missing, but the presence of a public exploit suggests a higher likelihood of real\u2011world attacks. The vulnerability is not listed in CISA\u2019s KEV catalog, yet the combination of remote access and unauthenticated injection presents a significant threat if left unmitigated."}}}}, "created": "2026-04-06T20:23:05.950386+00:00", "updated": "2026-04-06T21:56:26.350010+00:00", "vendors": ["wbbeyourself", "wbbeyourself$PRODUCT$mac-sql"]}