What is CVE-2026-7699?

A low-severity SQL injection vulnerability has been identified in Dromara MaxKey affecting versions up to 3.5.13. Organizations should assess their exposure and apply necessary mitigations to avoid exploitation.

What is the severity of CVE-2026-7699?

CVE-2026-7699 has a severity rating of LOW with a CVSS base score of 2.1.

CVE-2026-7699 | Low Vulnerability in Dromara MaxKey

A security flaw has been discovered in Dromara MaxKey up to 3.5.13. Affected by this issue is the function StrUtils.checkSqlInjection of the file StrUtils.java. Performing a manipulation of the argument filtersfields results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

This vulnerability is classified as low severity, with a CVSS score of 2.1. Although the severity is low, risk to organizations includes potential unauthorized access to sensitive data through SQL injection, making it important to address.

Organizations should prioritize patching immediately to mitigate this vulnerability, especially if they are using the affected version.

As of now, there is no public exploit confirmed for this vulnerability, but it is crucial for security teams to stay vigilant.

Given the nature of SQL injection vulnerabilities, the potential for exploitation remains, and organizations should take this into consideration.

Vulnerability Details

This vulnerability allows attackers to perform SQL injection through the StrUtils.checkSqlInjection function in Dromara MaxKey. The CVE was published on May 3, 2026, and it has been classified under CWE-74 (Injection) and CWE-89 (SQL Injection).

The CVSS score of 2.1 indicates low severity, with the vulnerability being network exploitable and requiring low privileges to exploit. The attack complexity is also low, making it feasible for attackers with limited skill.

Organizations using versions up to 3.5.13 of Dromara MaxKey should be particularly aware of this vulnerability and take appropriate measures to secure their systems.

Technical Analysis

The root cause of this vulnerability lies in the improper handling of user input within the StrUtils.checkSqlInjection function. By manipulating the argument filtersfields, an attacker can craft a malicious SQL query to execute arbitrary SQL commands on the database.

The attack vector is over the network, and the complexity of the attack is low, meaning that an attacker can execute it without any significant prerequisites.

This vulnerability does not require user interaction, and the impact on confidentiality, integrity, and availability is rated as low.

Risk & Impact Analysis

The risk to organizations includes the potential for unauthorized access to sensitive data through SQL injection attacks. Even though the CVSS score is low, the presence of this vulnerability can allow attackers to manipulate databases and extract sensitive information, which can have severe repercussions.

The blast radius potential is significant if exploited, as it could lead to data breaches affecting multiple users or systems. Organizations should assess the urgency of remediation based on their specific environment and the criticality of the data managed by the affected application.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions prior to vendor patch are affected, specifically up to version 3.5.13 of Dromara MaxKey.

Mitigation & Remediation

Organizations should prioritize patching immediately to remediate this vulnerability. Ensure that you upgrade to the latest version of Dromara MaxKey. If a patch is not available, consider implementing web application firewalls and filtering input to mitigate the risk of SQL injection attacks.

For further assistance, organizations may refer to penetration testing services to identify and address similar vulnerabilities in their environment.

Detection Guidance

Organizations should monitor for anomalies in SQL query patterns and unexpected database behavior. Additionally, logging all database transactions can help in identifying potential exploitation attempts.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in the continued prevalence of SQL injection as a common attack vector. Security teams should regularly review their input validation and sanitization practices to prevent similar vulnerabilities.

This case highlights the importance of timely vendor communications and the need for a proactive approach in vulnerability management.

For additional resources on securing applications, consider exploring the following links: API penetration testing, web application penetration testing, and penetration testing methodology to enhance your security posture.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-7699: Low Vulnerability in Dromara MaxKey