CVE-2026-31844
Koha · Koha
Vulnerability data via NVD (ingested)
An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL queries via crafted requests to this parameter, allowing execution of unintended SQL statements and exposure of sensitive database information. Successful exploitation may lead to full compromise of the backend database, including disclosure or modification of stored data.
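A defender-side check for the parameter described above, as an added example that is not code from NVD or the Koha project: it scans web access log lines for requests to the affected endpoint whose displayby value is not a bare identifier. It assumes combined-format logs and that legitimate displayby values are plain column names; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/cgi-bin/koha/suggestion/suggestion.pl"
# Assumption: a legitimate displayby value is a bare column identifier.
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /cgi-bin/koha/suggestion/suggestion.pl?displayby=STATUS HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2026:10:00:05 +0000] "GET /cgi-bin/koha/suggestion/suggestion.pl?displayby=branchcode&branchcode=CPL HTTP/1.1" 200 4980',
    '192.0.2.44 - - [01/Jan/2026:10:02:11 +0000] "GET /cgi-bin/koha/suggestion/suggestion.pl?displayby=STATUS%20%28test%29 HTTP/1.1" 500 812',
    '192.0.2.44 - - [01/Jan/2026:10:02:15 +0000] "GET /cgi-bin/koha/mainpage.pl?displayby=a%20b HTTP/1.1" 200 9000',
    '192.0.2.44 - - [01/Jan/2026:10:02:20 +0000] "GET /cgi-bin/koha/suggestion/suggestion.pl?displayby=STATUS&displayby=x%2Cy HTTP/1.1" 200 5100',
    '192.0.2.44 - - [01/Jan/2026:10:02:30 +0000] "POST /cgi-bin/koha/suggestion/suggestion.pl HTTP/1.1" 200 5100',
]


def suspicious_displayby(lines):
    """Return (line_number, decoded_value) for each displayby value that is
    not a bare identifier on a request to the affected endpoint."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a parseable request line
        target = urlsplit(match.group("target"))
        if target.path != ENDPOINT:
            continue  # parameter name reused by an unrelated script
        # parse_qs percent-decodes once and keeps every repeated value,
        # so a clean first value cannot hide a second one.
        for value in parse_qs(target.query).get("displayby", []):
            if not IDENTIFIER.fullmatch(value):
                hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in suspicious_displayby(SAMPLE_LOG):
        print(f"line {number}: unexpected displayby value {value!r}")
```

Access logs record only the query string, so a displayby value sent in a POST body (the last sample line) is invisible to this check and needs request-body logging or a WAF rule instead.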
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
vuln:CVE-2026-31844
product:"Koha Koha"
http.html:"Koha"
More intel sources
vulnerabilities.cve_id: CVE-2026-31844
CVE-2026-31844
"CVE-2026-31844" exploit -site:nvd.nist.gov