CVE-2026-44739 | Pimcore up to 11.5.16/12.3.5 CustomReportsBundle CustomReportController.php fetchAssociative sql injection

SecurityVulns

A vulnerability was found in Pimcore up to 11.5.16/12.3.5. It has been declared as critical. The affected element is the function fetchAssociative of the file bundles/CustomReportsBundle/src/Controller/Reports/CustomReportController.php of the component CustomReportsBundle. Executing a manipulation can lead to sql injection.

The identification of this vulnerability is CVE-2026-44739. The attack may be launched remotely. There is no exploit available.VulDB Recent EntriesRead More