| Advisory ID | Severity | Release Date | Reported By | CVE ID |
| HSVD-2026-0009 | Medium | June 18, 2026 | External submission | N/A |
Overview
Hillstone HSA contains a SQL injection vulnerability that can be exploited by a low-privilege account. The vulnerability exists because parameters in the request body are not properly validated. An attacker can craft malicious SQL statements to perform unauthorized database queries, potentially exposing sensitive data or compromising data integrity.
Affected Products & Fix Versions
| PRODUCT | AFFECTED VERSIONS | FIX VERSION |
|---|---|---|
| HSA | Versions prior to HSA2.22.7 | HSA2.22.7 |
Remediation & Mitigation
- Repair by upgrading the version.
Contact & Reporting
For technical support and detailed remediation guidance, contact Hillstone Networks support at +1-800-930-6707.
To report security issues in Hillstone products, email PSIRT@hillstonenet.com. Hillstone follows responsible disclosure principles and applicable regulations when handling product security incidents.
Legal notice — Without written authorization from Hillstone Networks, no organization or individual may modify, excerpt, or disseminate the content of this advisory for commercial purposes.
Recent Comments