{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/adam-retail-automation-ltd./feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-2397"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["MobilMen 20T (v3 through 10072026)"],"_cs_severities":["critical"],"_cs_tags":["sql-injection","vulnerability","cve","data-exfiltration"],"_cs_type":"advisory","_cs_vendors":["Adam Retail Automation Ltd."],"content_html":"\u003cp\u003eA severe SQL injection vulnerability, identified as CVE-2026-2397, has been discovered in Adam Retail Automation Ltd.'s MobilMen 20T software, affecting all versions from v3 up to and including 10072026. This flaw, rated with a critical CVSS v3.1 Base Score of 9.8, allows an unauthenticated attacker to inject and execute arbitrary SQL commands. The vulnerability stems from improper neutralization of special elements used in SQL commands, which could lead to unauthorized access, modification, or deletion of sensitive database information. Successful exploitation could grant an attacker full control over the database and potentially the underlying system, enabling data exfiltration, system manipulation, or further network intrusion. The vendor has been notified but has not responded to the disclosure at the time of publication.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a vulnerable input field or parameter in the MobilMen 20T application that processes user-supplied data to construct SQL queries.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts malicious input containing SQL metacharacters and commands (e.g., single quotes, semicolons, \u003ccode\u003eUNION SELECT\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker sends this crafted input to the vulnerable application endpoint.\u003c/li\u003e\n\u003cli\u003eThe MobilMen 20T application fails to properly sanitize or escape the special characters within the input before incorporating it into an SQL query.\u003c/li\u003e\n\u003cli\u003eThe malicious SQL code becomes part of the legitimate database query executed by the application.\u003c/li\u003e\n\u003cli\u003eThe database server processes the attacker's injected SQL commands, potentially revealing sensitive data, modifying records, or executing arbitrary commands on the database server.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to or control over the application's database, achieving objectives such as data exfiltration or privilege escalation.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-2397 could lead to complete compromise of the database underpinning the MobilMen 20T application. Attackers could gain unauthorized access to all data stored in the database, including customer information, financial records, and operational data. This could result in severe data breaches, regulatory fines, reputational damage, and significant operational disruption for affected organizations. The critical CVSS score of 9.8 indicates that the vulnerability is easily exploitable and has a high impact on confidentiality, integrity, and availability. Given the nature of retail automation software, compromise could directly affect business operations and transactional integrity.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrioritize patching Adam Retail Automation Ltd. MobilMen 20T to a version where CVE-2026-2397 is mitigated as soon as an update becomes available.\u003c/li\u003e\n\u003cli\u003eImplement robust input validation and parameterized queries in all applications, especially those processing user input for database interactions, to prevent SQL injection vulnerabilities like CVE-2026-2397.\u003c/li\u003e\n\u003cli\u003eDeploy web application firewalls (WAFs) to detect and block common SQL injection patterns in HTTP requests; ensure WAF rules are updated to cover CVE-2026-2397 related attack vectors.\u003c/li\u003e\n\u003cli\u003eEnable comprehensive logging for web server access and database activity, and monitor for unusual query patterns, errors, or large data transfers that could indicate exploitation of CVE-2026-2397.\u003c/li\u003e\n\u003cli\u003eRegularly perform security audits and penetration tests on applications, focusing on input validation and database interaction logic, to identify and remediate vulnerabilities similar to CVE-2026-2397.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-10T18:17:25Z","date_published":"2026-07-10T18:17:25Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-2397-mobilmen-sqli/","summary":"A critical SQL injection vulnerability, tracked as CVE-2026-2397 with a CVSS v3.1 score of 9.8, affects Adam Retail Automation Ltd.'s MobilMen 20T software, allowing remote attackers to execute arbitrary SQL commands due to improper neutralization of special elements in input, potentially leading to unauthorized data access or system compromise.","title":"Critical SQL Injection Vulnerability in Adam Retail Automation MobilMen 20T","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-2397-mobilmen-sqli/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-2398"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["MobilMen 20T (v3 - 10072026)"],"_cs_severities":["high"],"_cs_tags":["authorization-bypass","privilege-escalation","vulnerability","CVE"],"_cs_type":"advisory","_cs_vendors":["Adam Retail Automation Ltd."],"content_html":"\u003cp\u003eCVE-2026-2398 describes a critical authorization bypass vulnerability within Adam Retail Automation Ltd.'s MobilMen 20T software, impacting versions v3 through 10072026. This flaw enables attackers to achieve privilege escalation by exploiting user-controlled keys within the application's authorization mechanisms. Successful exploitation could grant an unauthorized actor elevated access to sensitive functions or data within MobilMen 20T, compromising the integrity and confidentiality of retail automation processes. The vendor, Adam Retail Automation Ltd., was contacted regarding this disclosure but has not provided a response, increasing the urgency for users to be aware of and mitigate this risk. Given the high CVSS v3.1 base score of 8.8, this vulnerability poses a significant threat to affected organizations.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a mechanism within Adam Retail Automation Ltd. MobilMen 20T where authorization decisions are based on a user-controlled key.\u003c/li\u003e\n\u003cli\u003eThe attacker analyzes the application's processing of this key, identifying how it validates or interprets key values.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious or specially formatted key value designed to subvert the application's authorization logic.\u003c/li\u003e\n\u003cli\u003eThe crafted key is submitted to MobilMen 20T through an accessible input vector, such as an API endpoint, a web form, or a configuration file.\u003c/li\u003e\n\u003cli\u003eThe vulnerable MobilMen 20T application processes the malicious key, failing to properly validate it, thereby bypassing its intended authorization checks.\u003c/li\u003e\n\u003cli\u003eAs a result, the attacker gains unauthorized access to functions or data that should be restricted, effectively achieving privilege escalation within the MobilMen 20T environment.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-2398 allows an attacker to bypass authorization controls, leading directly to privilege escalation within Adam Retail Automation Ltd.'s MobilMen 20T application. This could enable an unauthorized individual to access, modify, or delete sensitive retail data, disrupt operational workflows, or gain control over critical system functions. The lack of a vendor response further exacerbates the risk, leaving affected organizations potentially exposed to significant data breaches, operational downtime, and reputational damage. The broad version range (v3 through 10072026) suggests a substantial number of installations could be at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCVE-2026-2398\u003c/strong\u003e: Immediately monitor for an official patch or mitigation guidance from Adam Retail Automation Ltd. for MobilMen 20T.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLog sources\u003c/strong\u003e: Implement robust logging for all authentication and authorization events within MobilMen 20T to detect unusual access patterns or privilege changes.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAffected Products\u003c/strong\u003e: If possible, isolate or restrict network access to all installations of Adam Retail Automation Ltd. MobilMen 20T versions v3 through 10072026 until a patch is available.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-10T17:19:48Z","date_published":"2026-07-10T17:19:48Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-2398-mobilmen-auth-bypass/","summary":"An authorization bypass vulnerability, identified as CVE-2026-2398, exists in Adam Retail Automation Ltd.'s MobilMen 20T software, affecting versions from v3 through 10072026, allowing an attacker to achieve privilege escalation by manipulating user-controlled keys.","title":"CVE-2026-2398: Authorization Bypass Leads to Privilege Escalation in Adam Retail Automation MobilMen 20T","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-2398-mobilmen-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed - Adam Retail Automation Ltd.","version":"https://jsonfeed.org/version/1.1"}