CVE Catalog

CVE-2026-48886

CriticalCVSS 9.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

JS Help Desk versions up to 3.0.9 are vulnerable to unauthenticated SQL injection, potentially allowing attackers to access database data.

Risk Assessment

Organizations using these versions may be at risk of data theft or manipulation in the database.

Recommendation

It is recommended to upgrade to the latest version of JS Help Desk to mitigate this vulnerability.

Original NVD description (English source)

Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS