Xibo Digital Signage Platform Hit with High-Severity SQL Injection (CVE-2026-31952)
The National Vulnerability Database has published CVE-2026-31952, a high-severity SQL injection vulnerability in Xibo's open-source digital signage CMS. Xibo CMS versions 1.7 through 4.4.0 are affected: an authenticated user who holds certain feature privileges can read and modify database records beyond what that account should be able to touch. The flaw sits in the API routes that filter DataSets, where a filter parameter supplied by the caller reaches a SQL query, so an attacker can exfiltrate or alter data the CMS stores.
Exploitation requires an account that holds either the 'Access to DataSet Feature' or the 'Access to the Layout Feature' privilege; the vulnerable routes are not reachable without a valid login. The CVSS score of 7.6 (High) reflects a network-reachable, low-complexity attack whose main limiting factor is that prerequisite account. Defenders should prioritise patching, because a compromised or malicious low-privilege user could read or tamper with database contents, which in a signage deployment means disrupting what is shown on screens or undermining the integrity of the data behind it.
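To make the bug class concrete, here is an added example of a DataSet-style filter endpoint that splices a caller-controlled filter value into SQL, beside the hardened form. This is illustrative code written for this page, not Xibo's code: the schema, table names, endpoint functions, `UNION_PAYLOAD` and `FILTERABLE_COLUMNS` allow-list are all constructed, and nothing here reproduces the actual vulnerable Xibo query.

```python
"""Added illustration of the bug class, not Xibo's code.

The schema, endpoint logic and data are constructed for this example; the
point is how a caller-controlled filter value reaches SQL, and the shape of
the fix (parameter binding plus an allow-list for the parts of a query that
cannot be bound, such as column names).
"""
import sqlite3

# Payload a low-privilege API user could put in a filter parameter (constructed).
UNION_PAYLOAD = "' UNION SELECT id, username, password_hash FROM user --"

# Columns a DataSet filter is allowed to name (hypothetical allow-list).
FILTERABLE_COLUMNS = ("region", "price")


def setup_db():
    """Constructed in-memory schema standing in for a CMS database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE dataset_row (id INTEGER PRIMARY KEY, dataset_id INTEGER,
                                  region TEXT, price REAL);
        CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT,
                           password_hash TEXT);
        INSERT INTO dataset_row VALUES (1, 7, 'north', 10.0),
                                       (2, 7, 'south', 12.5),
                                       (3, 8, 'north', 3.0);
        INSERT INTO user VALUES (1, 'admin', 'constructed-hash');
        """
    )
    return conn


def filter_rows_vulnerable(conn, dataset_id, column, value):
    """The anti-pattern: filter text spliced into the query string.

    The caller controls both the column and the value, so a single quote in
    the value ends the literal and the rest of the payload is parsed as SQL.
    """
    sql = (
        f"SELECT id, region, price FROM dataset_row "
        f"WHERE dataset_id = {int(dataset_id)} AND {column} = '{value}'"
    )
    return conn.execute(sql).fetchall()


def filter_rows_safe(conn, dataset_id, column, value):
    """Hardened form: bind the value, allow-list the column.

    Identifiers cannot be bound as parameters, so the column is checked
    against a fixed allow-list instead of being trusted from the request.
    """
    if column not in FILTERABLE_COLUMNS:
        raise ValueError(f"column {column!r} is not filterable")
    sql = (
        f"SELECT id, region, price FROM dataset_row "
        f"WHERE dataset_id = ? AND {column} = ?"
    )
    return conn.execute(sql, (int(dataset_id), value)).fetchall()


if __name__ == "__main__":
    db = setup_db()
    print(filter_rows_vulnerable(db, 7, "region", "north"))
    print(filter_rows_vulnerable(db, 7, "region", UNION_PAYLOAD))  # leaks user table
    print(filter_rows_safe(db, 7, "region", UNION_PAYLOAD))        # []
```

Note the second half of the fix: binding parameters protects values, but a filter API that also lets the caller choose a column or sort key needs an allow-list for those identifiers, since they cannot be bound. A review of any filtering endpoint should check both.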
Xibo has released version 4.4.1 to address this vulnerability. Customers on Xibo Signage's hosted CMS have already been patched if they are on a supported version. Self-hosted instances must be upgraded. Xibo has also published patches for the out-of-support 3.3, 2.3 and 1.8 branches, a reminder that legacy deployments still need maintenance even when they are otherwise frozen.
What This Means For You
- If your organization runs Xibo digital signage, check the CMS version now. Upgrade to 4.4.1, or to the patched release for your branch, if you are on 1.7 through 4.4.0. Because the flaw is exploitable by authenticated users with DataSet or Layout privileges, also review which accounts hold those privileges and audit access logs for unusual requests to the DataSet and Layout API routes, including malformed filter values and unexpected error responses.
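The log review above can be automated. The following is an added example, not something Xibo or NVD published: it scans web-server access logs for requests to the DataSet and Layout API routes whose query parameters carry SQL injection signatures. It assumes combined-format access logs in front of the CMS and uses `/api/dataset` and `/api/layout` as the watched route prefixes, which are assumptions to adjust to your deployment; the log lines are constructed.

```python
"""Added example of the log review suggested above; not from Xibo or NVD.

Assumptions: the CMS sits behind a web server writing combined-format access
logs, and the DataSet/Layout API lives under the /api/dataset and /api/layout
prefixes (hypothetical; check your deployment's routes). The log lines are
constructed.
"""
import re
from urllib.parse import parse_qsl, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Route prefixes to watch (assumed; the advisory names DataSet filtering routes).
WATCHED_PREFIXES = ("/api/dataset", "/api/layout")

# Signatures chosen to avoid flagging ordinary quoted filter values: a quote
# alone is not enough, but a quote followed by a boolean operator, a UNION
# ... SELECT, a comment terminator or a timing function is.
SQLI_RE = re.compile(
    r"\bunion\b.*\bselect\b|'\s*(?:or|and)\b|--|/\*|\b(?:sleep|benchmark)\s*\(",
    re.IGNORECASE | re.DOTALL,
)

# Constructed access-log sample: alice is a normal user, bob probes the filter.
SAMPLE_LOG = """\
203.0.113.5 - alice [24/Apr/2026:09:12:01 +0000] "GET /api/dataset/data/7?filter=region%3D%27north%27 HTTP/1.1" 200 512
203.0.113.5 - alice [24/Apr/2026:09:12:30 +0000] "GET /api/layout?layout=lobby HTTP/1.1" 200 2048
198.51.100.9 - bob [24/Apr/2026:09:13:02 +0000] "GET /api/dataset/data/7?filter=%27+UNION+SELECT+userid%2Cusername%2Cpassword+FROM+user--+ HTTP/1.1" 200 9731
198.51.100.9 - bob [24/Apr/2026:09:13:40 +0000] "GET /api/dataset/data/7?filter=1%3D1%27+OR+1%3D1--+ HTTP/1.1" 500 0
10.0.0.4 - carol [24/Apr/2026:09:14:00 +0000] "POST /api/login HTTP/1.1" 200 80
"""


def scan_line(line):
    """Return a finding dict for a suspicious request on a watched route, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.startswith(WATCHED_PREFIXES):
        return None
    # parse_qsl percent-decodes values, so encoded quotes and spaces are visible.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if SQLI_RE.search(value):
            return {
                "ip": m.group("ip"),
                "user": m.group("user"),
                "ts": m.group("ts"),
                "path": url.path,
                "param": name,
                "value": value,
                "status": int(m.group("status")),
            }
    return None


def scan_log(lines):
    """Scan an iterable of access-log lines; returns findings in log order."""
    return [hit for hit in map(scan_line, lines) if hit]


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG.splitlines()):
        print(f'{hit["ts"]} {hit["user"]}@{hit["ip"]} {hit["path"]} '
              f'{hit["param"]}={hit["value"]!r} -> {hit["status"]}')
```

Two caveats when running this against real logs: POST bodies are not in access logs, so filter values sent in a request body need application-level or WAF logging, and a burst of 500 responses on these routes from one account is worth correlating even when no signature matches, since error-based probing often shows up that way first.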
Indicators of Compromise
NVD entries do not carry network or host indicators; the rows below describe the vulnerable component and what an attacker needs, which is what to look for in access logs and privilege reviews.
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-31952 | Affected versions | Xibo CMS 1.7 through 4.4.0 |
| CVE-2026-31952 | Vulnerable component | API routes responsible for filtering DataSets in Xibo CMS |
| CVE-2026-31952 | Injection point | API filter parameter in Xibo CMS |
| CVE-2026-31952 | Precondition | Authenticated user with 'Access to DataSet Feature' or 'Access to the Layout Feature' privilege |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 24, 2026 at 03:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.