CVE-2026-44706 | Chatwoot up to 4.11.1 Custom Attributes filter is_greater_than values sql injection (GHSA-9pgm-75gg-6948)

A vulnerability categorized as critical has been discovered in Chatwoot up to 4.11.1. Affected by this vulnerability is the function is_greater_than of the file /api/v1/accounts/{account_id}/conversations/filter of the component Custom Attributes Handler. The manipulation of the argument values results in sql injection.

This vulnerability is reported as CVE-2026-44706. The attack can be launched remotely. No exploit exists.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More