QwikSec

Security Database

CVE

CWE

Training

CVE-2026-3023

Published: Mar 16, 2026

Modified: Mar 16, 2026

PUBLISHED

Description

Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/pets/print-tags'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting NoSQL commands, allowing them to list both pets and owner names.

Vendor	Product	Versions
Wakyma	Wakyma application web	affected `all versions`

Weaknesses (CWE)

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wakyma-application-web

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.