Product
A SQL injection vulnerability, CVE-2026-15907, exists in H3C SecPath F1000-C8300 appliances up to version 20260522, allowing remote attackers to manipulate the 'subject' argument in the '/webui/?g=log_fw_nbc_mail_jsondata' endpoint to execute arbitrary SQL commands, potentially leading to unauthorized data access or system compromise, with a publicly available exploit.