CVE•Published 2026-01-23•Modified 2026-06-30•1 article on news•6 live references•NVD data
CVE-2026-0603
Vulnerability data via NVD (ingested)
CVSS v3.1
8.3
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
EPSS percentile
—
Weaknesses (CWE)
Description
A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application's database, resulting in an application level denial of service.
Timeline
Published 2026-01-23
Modified 2026-06-30
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
More intel sources (5)
Shodan report
vuln:CVE-2026-0603Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-0603Censys host search filtered to this CVE id.
grep.app
CVE-2026-0603Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-0603GitHub code search for direct mentions.
Google dork
"CVE-2026-0603" exploit -site:nvd.nist.govWrite-ups and news, NVD excluded.
Known PoCs on GitHub (8)
CVE-2026-06038 repos
Mr-xn/Penetration_Testing_POCHTML
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypas…
tianchong-zerotemp/dianxingunknown
DianXing - AI-Driven End-to-End Code Security Auditing
ugurkocde/IntuneBrewShell
IntuneBrew is a PowerShell-based tool that simplifies the process of uploading and managing macOS applications in Microsoft Intune. It automates the entire workflow from downloadin…
DarkFunct/TK-CVE-RepoPython
TK-CVE-Repo
gameworkerkim/CYBER-THREAT-INTELLIGENCE-REPORTunknown
This report analyzes the collapse of the cyber weapons supply chain and its impact on national security through the case of the Coruna iOS Exploit Kit. Cyber warfare has evolved in…
secure-agentic-framework/saf-k8sPython
martinholovsky/awesome-llm-attacksunknown
A curated, framework-mapped catalog of attack techniques against LLM and GenAI systems — cross-referenced to OWASP LLM Top 10, MITRE ATLAS, OWASP ASI, and MCP security.
EQSTLab/CVE-2026-0603HTML
Hibernate ORM Second-Order SQL Injection