SSRF in ODBC Enrichment Source

Advisory ID: LVD-2026-001

CVSSv 4.0 Vector: AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSSv 4.0 Base Score: 7.7

Severity: High

CVE: CVE-2026-35548 

CWE: CWE-918

Date Published: 2026-04-22

Description:

The vulnerability arises from improper logic for credential reuse when editing an existing ODBC Enrichment Source. Previously stored database credentials were retained even if connection parameters (Host/IP/Port) were modified. This behavior was unintended and has been corrected in version 7.9.0 by clearing credentials when connection settings are modified.

Affected Product:

• Logpoint versions before 7.9.0 
• ODBC version before 5.2.1

Solution:

• Upgrade to Logpoint v7.9.0 

• Upgrade to ODBC v5.2.1

Acknowledgement:

Mickael Karatekin (SysDream)