Platform
php
Component
aenrich-a+hrd
Fixed in
7.1.1
CVE-2026-6833 describes a SQL Injection vulnerability discovered in a+HRD, a product developed by aEnrich. This flaw allows authenticated remote attackers to inject arbitrary SQL commands, potentially leading to unauthorized access to sensitive database information. The vulnerability impacts versions 0.0.0 through 7.1 of a+HRD, and a patch is expected to be released by the vendor.
Successful exploitation of CVE-2026-6833 could allow an attacker to bypass authentication and directly manipulate the database. This could result in the exfiltration of sensitive data such as user credentials, financial records, or proprietary business information. Depending on the database schema and permissions, an attacker might even be able to modify or delete data, leading to significant operational disruption. The blast radius extends to any system relying on the compromised a+HRD database, potentially impacting downstream applications and integrations.
CVE-2026-6833 was publicly disclosed on 2026-04-22. The vulnerability's exploitation context is currently unknown; no public proof-of-concept (PoC) code has been released. Its inclusion in the NVD and CISA KEV catalog is pending. The MEDIUM CVSS score suggests a moderate probability of exploitation if a PoC becomes available.
Exploit Status
EPSS
0.04% (12th percentile)
CISA SSVC
The primary mitigation for CVE-2026-6833 is to upgrade to a patched version of a+HRD as soon as it becomes available from aEnrich. Until a patch is deployed, consider implementing strict input validation and parameterized queries within the application to prevent SQL injection attacks. Web application firewalls (WAFs) configured with rules to detect and block SQL injection attempts can provide an additional layer of defense. Regularly review database access permissions to ensure that users only have the necessary privileges.
Update to a patched version of a+HRD that addresses the SQL Injection vulnerability. Refer to the vendor documentation or release notes for specific upgrade instructions.
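The interim mitigation above, parameterized queries plus strict validation of anything that cannot be parameterized, is illustrated by the following PHP example. It is an added example written for this advisory, not code from a+HRD or aEnrich, and it makes no claim about how the product builds its queries. It uses an in-memory SQLite database through PDO so it runs stand-alone; the employees table, its rows, the injected input and the function names are all constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example, not a+HRD code. An in-memory SQLite database via PDO keeps it
// self-contained; the table, rows and function names are constructed for this page.
function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // On drivers that emulate prepares client-side (e.g. MySQL), also disable
    // emulation so values travel separately from the SQL text:
    //   $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $db->exec('CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, dept TEXT, salary INTEGER)');
    $db->exec("INSERT INTO employees (name, dept, salary) VALUES
        ('Alice', 'HR', 50000), ('Bob', 'IT', 62000), ('Carol', 'HR', 48000)");
    return $db;
}

// VULNERABLE pattern: untrusted input is spliced into the SQL text, so a value
// containing quote characters changes the statement instead of being data.
function findByDeptVulnerable(PDO $db, string $dept): array
{
    $sql = "SELECT name, dept FROM employees WHERE dept = '" . $dept . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED pattern: the SQL text is fixed at prepare time and the value is bound
// as a parameter, so it can never alter the statement's structure.
function findByDeptSafe(PDO $db, string $dept): array
{
    $stmt = $db->prepare('SELECT name, dept FROM employees WHERE dept = :dept');
    $stmt->execute([':dept' => $dept]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Identifiers such as a sort column or direction cannot be bound as parameters.
// This is where strict input validation applies: map the request value through a
// fixed allowlist and reject anything that is not on it.
function findSortedSafe(PDO $db, string $orderBy, string $direction): array
{
    $allowedColumns = ['name' => 'name', 'dept' => 'dept', 'salary' => 'salary'];
    $allowedDirections = ['asc' => 'ASC', 'desc' => 'DESC'];
    if (!isset($allowedColumns[$orderBy]) || !isset($allowedDirections[$direction])) {
        throw new InvalidArgumentException('unsupported sort parameter');
    }
    $sql = sprintf('SELECT name, dept, salary FROM employees ORDER BY %s %s',
        $allowedColumns[$orderBy], $allowedDirections[$direction]);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

$db = makeDb();
// Constructed input: a string that is not a department name but, when
// concatenated into SQL, adds an always-true condition.
$payload = "' OR '1'='1";

printf("vulnerable pattern returned %d rows\n", count(findByDeptVulnerable($db, $payload)));
printf("parameterized query returned %d rows\n", count(findByDeptSafe($db, $payload)));
printf("legitimate lookup for HR returned %d rows\n", count(findByDeptSafe($db, 'HR')));

try {
    findSortedSafe($db, 'salary; --', 'asc');
} catch (InvalidArgumentException $e) {
    echo "rejected sort parameter: ", $e->getMessage(), "\n";
}
echo "highest salary belongs to ", findSortedSafe($db, 'salary', 'desc')[0]['name'], "\n";
```

Run with the PHP CLI and the pdo_sqlite extension. With the constructed payload the vulnerable function returns all three rows, because the injected condition is always true, while the parameterized version returns none, since it looks for a department literally named `' OR '1'='1`; the legitimate HR lookup returns two rows either way. The allowlist function refuses the malformed sort column and accepts the valid one. Note that these are code-level changes: an operator of a third-party product cannot apply them without vendor source, so for a+HRD itself the upgrade, WAF rules and least-privilege database accounts from the mitigation guidance remain the practical controls.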
CVE-2026-6833 is a SQL Injection vulnerability in a+HRD, allowing attackers to inject SQL commands and potentially access database data.
If you are using a+HRD versions 0.0.0 through 7.1, you are potentially affected by this vulnerability. Check with aEnrich for specific version details.
Upgrade to a patched version of a+HRD as soon as it is available from the vendor. Implement input validation and parameterized queries as an interim measure.
Currently, there are no confirmed reports of active exploitation, but the vulnerability is publicly known.
Refer to the aEnrich website or security advisory channels for the official advisory regarding CVE-2026-6833.
CVSS Vector