CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-24913

SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, information stored in the database may be obtained or altered by a user who can log in to the product.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 12.6%

CVSS Severity

CVSS v3 Score 8.8

References

https://jvn.jp/en/jp/JVN33581068/
https://oss.icz.co.jp/news/?p=1386

Products affected by CVE-2026-24913

Icz » Matcha Invoice » Version: 2.5.10

cpe:2.3:a:icz:matcha_invoice:2.5.10
Icz » Matcha Invoice » Version: 2.6.0

cpe:2.3:a:icz:matcha_invoice:2.6.0
Icz » Matcha Invoice » Version: 2.6.1

cpe:2.3:a:icz:matcha_invoice:2.6.1
Icz » Matcha Invoice » Version: 2.6.2

cpe:2.3:a:icz:matcha_invoice:2.6.2
Icz » Matcha Invoice » Version: 2.6.3

cpe:2.3:a:icz:matcha_invoice:2.6.3
Icz » Matcha Invoice » Version: 2.6.4

cpe:2.3:a:icz:matcha_invoice:2.6.4
Icz » Matcha Invoice » Version: 2.6.5

cpe:2.3:a:icz:matcha_invoice:2.6.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-24913

Products

Pricing

Contact Us