CVE-2026-27470

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-27470

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27470.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-27470

Aliases

GHSA-r6gm-478g-f2c4

Downstream

DEBIAN-CVE-2026-27470

UBUNTU-CVE-2026-27470

Published

2026-02-21T08:05:01.073Z

Modified

2026-02-24T19:35:41.964291Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

ZoneMinder: Second-Order SQL Injection in `getNearEvents()` via Stored Event Name and Cause Fields

Details

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents() function. Event field values (specifically Name and Cause) are stored safely via parameterized queries but are later retrieved and concatenated directly into SQL WHERE clauses without escaping. An authenticated user with Events edit and view permissions can exploit this to execute arbitrary SQL queries.

Database specific

{
    "cwe_ids": [
        "CWE-89"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27470.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/zoneminder/zoneminder

Affected ranges

Type

GIT

Repo

https://github.com/zoneminder/zoneminder

Events

Introduced

Fixed

2c273305aee7bae011bbd3d2d4cd962a69609e94

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.36.38"
        }
    ]
}

Type

GIT

Repo

https://github.com/zoneminder/zoneminder

Events

Introduced

599361dc8bdf35daf85fcf629025cda5e05e298a

Fixed

6913b0615a3f6627d669ff1034a74a10cad4ebbe

Database specific

{
    "versions": [
        {
            "introduced": "1.37.61"
        },
        {
            "fixed": "1.38.1"
        }
    ]
}

Affected versions

1.*

1.30.1-rc.1

1.30.2

1.30.2-rc.1

1.30.3

1.30.4

1.32.0

1.32.1

1.32.2

1.32.3

1.34.0

1.34.1

1.34.10

1.34.11

1.34.12

1.34.13

1.34.14

1.34.15

1.34.16

1.34.17

1.34.18

1.34.19

1.34.2

1.34.20

1.34.21

1.34.22

1.34.23

1.34.24

1.34.25

1.34.26

1.34.3

1.34.4

1.34.5

1.34.6

1.34.7

1.34.8

1.34.9

1.36.0

1.36.1

1.36.10

1.36.11

1.36.12

1.36.13

1.36.14

1.36.15

1.36.16

1.36.17

1.36.18

1.36.2

1.36.20

1.36.21

1.36.22

1.36.23

1.36.24

1.36.25

1.36.26

1.36.27

1.36.28

1.36.29

1.36.3

1.36.30

1.36.31

1.36.32

1.36.33

1.36.34

1.36.35

1.36.36

1.36.37

1.36.4

1.36.6

1.36.63

1.36.7

1.36.8

1.36.9

1.37.61

1.37.63

1.37.64

1.37.65

1.38.0

Other

list

v1.*

v1.25

v1.26-beta.1

v1.26-beta.2

v1.26-beta.3

v1.26.0

v1.26.1

v1.26.2

v1.26.3

v1.26.4

v1.26.5

v1.27.0

v1.28.0

v1.29.0

v1.29.0-rc1

v1.29.0-rc2

v1.30.0

v1.30.0-rc1

v1.30.0-rc2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27470.json"