Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 19 Jun 2026 09:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Grocy
Grocy grocy |
|
| Vendors & Products |
Grocy
Grocy grocy |
Thu, 18 Jun 2026 04:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | SQL Injection in Grocy 4.6.0 /stockreports/spendings |
Wed, 17 Jun 2026 05:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | SQL Injection in Grocy 4.6.0 /stockreports/spendings |
Tue, 16 Jun 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-89 | |
| Metrics |
cvssV3_1
|
Mon, 15 Jun 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement. | |
| References |
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-06-16T15:19:55.812Z
Reserved: 2026-06-07T00:00:00.000Z
Link: CVE-2026-50890
Updated: 2026-06-16T15:19:47.401Z
Status : Deferred
Published: 2026-06-15T20:16:32.003
Modified: 2026-06-16T17:16:42.310
Link: CVE-2026-50890
No data.
OpenCVE Enrichment
Updated: 2026-06-19T09:35:47Z