CIVI-SA-2026-34: SQLI in Financial Batch AJAX

Published
2026-06-16 20:49
Written by
Security Risk
Critical
Vulnerability
SQL Injection
Affected Versions

CiviCRM v6.15.2 and earlier

Fixed Versions

CiviCRM v6.15.3, v6.10.7 (ESR), and later

Publication Date
Solutions

Upgrade to a fixed version of CiviCRM

Credits

Coleman Watts (CiviCRM), Seamus lee (JMA Consulting), Cure53, Johannes Filter (Medien in Bewegung e. V.)