关键信息 CVE ID: CVE-2026-26988 Severity: High Affected Versions: < 25.12.0 Patched Version: 26.1 Summary Vulnerability: SQL injection in IPv6 address search functionality via parameter in endpoint. Cause: The application fails to properly sanitize or parameterize user input when processing IPv6 address searches, leading to direct concatenation of user input into the SQL query. Details Vulnerable Code Snippet: PoC - Request: Impact: Allows an attacker to execute arbitrary SQL queries against the database. Reproduction Steps 1. Access the application instance. 2. Send the provided request, adjusting the host as necessary.