← back
CVE-2026-21856

Tarkov Data Manager has Authenticated SQL Injection

CVSS 7.2 HIGHEPSS 0.3%CWE-89
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.2EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
07 Jan 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time based blind SQL injection vulnerability in the webhook edit and scanner api endpoints that allow an authenticated attacker to execute arbitrary SQL queries against the MySQL database. Commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8 contains a patch.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
the-hideout · tarkov-data-manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/the-hideout/tarkov-data-manager/commit/9bdb3a75a98a7047b6d70144eb1da1655d6992a8https://github.com/the-hideout/tarkov-data-manager/security/advisories/GHSA-4gcx-ghwc-rc78