CVE-2026-6428 | Koha up to 26.05.0 Reports reports/catalogue_out.pl strsth2 sql injection

A vulnerability labeled as critical has been found in Koha up to 26.05.0. The impacted element is an unknown function of the file reports/catalogue_out.pl of the component Reports Module. Executing a manipulation of the argument strsth2 can lead to sql injection.

This vulnerability appears as CVE-2026-6428. The attack may be performed from remote. There is no available exploit.

The affected component should be upgraded.VulDB Recent EntriesRead More