CVE-2026-27470

CVE-2026-27470

Name

CVE-2026-27470

Description

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents() function. Event field values (specifically Name and Cause) are stored safely via parameterized queries but are later retrieved and concatenated directly into SQL WHERE clauses without escaping. An authenticated user with Events edit and view permissions can exploit this to execute arbitrary SQL queries.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
security-advisories@github.com	https://github.com/ZoneMinder/zoneminder/releases/tag/1.36.38
security-advisories@github.com	https://github.com/ZoneMinder/zoneminder/releases/tag/1.38.1
security-advisories@github.com	https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-r6gm-478g-f2c4
security-advisories@github.com	https://owasp.org/www-community/attacks/SQL_Injection

Type

URI

security-advisories@github.com

https://github.com/ZoneMinder/zoneminder/releases/tag/1.36.38

security-advisories@github.com

https://github.com/ZoneMinder/zoneminder/releases/tag/1.38.1

security-advisories@github.com

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-r6gm-478g-f2c4

security-advisories@github.com

https://owasp.org/www-community/attacks/SQL_Injection

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:zoneminder:zoneminder::::::::`	zoneminder	>= None	< 1.36.38
`cpe:2.3:a:zoneminder:zoneminder::::::::`	zoneminder	>= 1.37.61	< 1.38.1

CPE URI

Source package

Min version

Max version

cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*

zoneminder

>= None

< 1.36.38

cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*

zoneminder

>= 1.37.61

< 1.38.1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
zoneminder	edge-community	1.38.1-r0	Kaarle Ritvanen <kunkku@alpinelinux.org>	fixed
zoneminder	edge-community	1.38.0-r0	Kaarle Ritvanen <kunkku@alpinelinux.org>	possibly vulnerable
zoneminder	edge-community	1.37.63-r0	Kaarle Ritvanen <kunkku@alpinelinux.org>	possibly vulnerable
zoneminder	edge-community	1.36.36-r1	Kaarle Ritvanen <kunkku@alpinelinux.org>	possibly vulnerable
zoneminder	edge-community	1.36.36-r0	Kaarle Ritvanen <kunkku@alpinelinux.org>	possibly vulnerable
zoneminder	edge-community	1.36.35-r2	Kaarle Ritvanen <kunkku@alpinelinux.org>	possibly vulnerable
zoneminder	edge-community	1.36.35-r1	Kaarle Ritvanen <kunkku@alpinelinux.org>	possibly vulnerable
zoneminder	edge-community	1.36.35-r0	Kaarle Ritvanen <kunkku@alpinelinux.org>	possibly vulnerable
zoneminder	edge-community	1.36.33-r0	Kaarle Ritvanen <kunkku@alpinelinux.org>	possibly vulnerable
zoneminder	edge-community	1.36.31-r0	Kaarle Ritvanen <kunkku@alpinelinux.org>	possibly vulnerable
zoneminder	edge-community	1.36.7-r0	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>	possibly vulnerable
zoneminder	edge-community	1.30.2-r3	None	possibly vulnerable
zoneminder	edge-community	1.30.2-r0	None	possibly vulnerable
zoneminder	3.23-community	1.36.36-r1	Kaarle Ritvanen <kunkku@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

zoneminder

edge-community

1.38.1-r0

Kaarle Ritvanen <kunkku@alpinelinux.org>

fixed

zoneminder

edge-community