CVE-2026-3022

Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma application web

Description

Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting special NoSQL commands, resulting in the attacker being able to obtain customer reports.

INFO

Published Date :

2026-03-16T10:11:30.207Z

Last Modified :

2026-03-16T15:26:40.413Z

Source :

INCIBE

AFFECTED PRODUCTS

The following products are affected by CVE-2026-3022 vulnerability.

Vendors	Products
Wakyma	Wakyma Wakyma Application Web

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-3022.

URL	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wakyma-application-web

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact