CVE advisoryCRITICAL
CVE-2026-4317
Umami Software web app allows attackers to steal customer data or take control
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
An authenticated attacker can exploit a SQL injection flaw in the Umami Software web application to steal sensitive data or execute dangerous commands. This vulnerability deserves attention now due to the potential for data compromise.