CVE-2026-2397

Summary

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows SQL Injection.

This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
Adam Retail Automation Ltd.MobilMen 20Tv3 <= 10072026affected

Weaknesses

  • CWE-89: CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References