{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33566", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2026-04-21T23:50:58.926Z", "datePublished": "2026-04-27T00:04:23.709Z", "dateUpdated": "2026-04-27T15:23:56.804Z"}, "containers": {"cna": {"affected": [{"vendor": "Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)", "product": "LogonTracer", "versions": [{"version": "prior to v2.0.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered."}], "problemTypes": [{"descriptions": [{"description": "Improper Neutralization of Special Elements in Data Query Logic", "lang": "en-US", "cweId": "CWE-943", "type": "CWE"}]}], "references": [{"url": "https://www.jpcert.or.jp/press/2026/PR20260423.html"}, {"url": "https://jvn.jp/en/jp/JVN57877356/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "MEDIUM", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-04-27T00:04:23.709Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T15:16:26.565725Z", "id": "CVE-2026-33566", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T15:23:56.804Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33566", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-27T15:16:26.565725Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T15:23:52.152Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)", "product": "LogonTracer", "versions": [{"status": "affected", "version": "prior to v2.0.0"}]}], "references": [{"url": "https://www.jpcert.or.jp/press/2026/PR20260423.html"}, {"url": "https://jvn.jp/en/jp/JVN57877356/"}], "descriptions": [{"lang": "en", "value": "There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-943", "description": "Improper Neutralization of Special Elements in Data Query Logic"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-04-27T00:04:23.709Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33566", "state": "PUBLISHED", "dateUpdated": "2026-04-27T15:23:56.804Z", "dateReserved": "2026-04-21T23:50:58.926Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2026-04-27T00:04:23.709Z", "assignerShortName": "jpcert"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jpcert:logontracer:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F702F84-44F3-411B-8F03-87CE72BB6510", "versionEndExcluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered."}], "id": "CVE-2026-33566", "lastModified": "2026-04-28T18:15:39.440", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2026-04-27T00:16:20.083", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN57877356/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://www.jpcert.or.jp/press/2026/PR20260423.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-943"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.0.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "logontracer", "vendor": "japan_computer_emergency_response_team_coordination_center_(jpcert/cc)"}], "analysis": {"en": {"generated_at": "2026-04-28T04:57:19.868996+00:00", "value": {"mitigation_remediation": ["Upgrade LogonTracer to version\u202f2.0.0 or later to eliminate the cypher injection flaw.", "When an upgrade is delayed, sanitize incoming Windows event log data before ingestion\u2014validate and escape any characters that could form part of a cypher statement.", "Apply the principle of least privilege to the LogonTracer process and monitor the database for unexpected changes to detect potential exploitation early."], "summary": {"action": "Patch", "impact": "Database integrity compromise"}, "threat_synthesis": {"affected_systems": "Vulnerable product is LogonTracer provided by the Japan Computer Emergency Response Team Coordination Center (JPCERT/CC). Any deployment running a version earlier than 2.0.0 is susceptible; no specific minor revisions are listed, so all pre\u20112.0.0 releases are considered affected.", "description_and_impact": "LogonTracer contains a cypher injection vulnerability prior to version 2.0.0, allowing an attacker to alter the database contents by loading specially crafted Windows event log data. This flaw could enable unauthorized data modification, compromising the integrity of the application\u2019s data store. The weakness falls under CWE\u2011943, reflecting unsanitized cypher input that can be exploited during data ingestion.", "risk_and_exploitability": "The CVSS score of 5.1 indicates medium risk, while an EPSS of less than 1\u202f% suggests low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation would require an attacker to supply crafted event log data that LogonTracer processes, which implies either local access to the system to influence log ingestion or an exposed interface that accepts logs from external sources. Once triggered, the attacker could modify database entries, potentially altering authentication traces or other audit information."}}}}, "created": "2026-04-27T20:20:19.245501+00:00", "title": "Cypher Injection in LogonTracer Permitting Database Modification", "updated": "2026-04-28T05:00:14.754134+00:00", "vendors": ["japan_computer_emergency_response_team_coordination_center_(jpcert/cc)", "japan_computer_emergency_response_team_coordination_center_(jpcert/cc)$PRODUCT$logontracer"]}