A critical SQL injection vulnerability, tracked as CVE-2024-5276, has been discovered in Fortra FileCatalyst Workflow versions 5.1.6 Build 135 and earlier. This flaw carries a CVSS score of 9.8 and could allow attackers to manipulate the application’s database, potentially enabling actions like creating administrative users or modifying/deleting data. Fortra has addressed this issue in version 5.1.6 build 139. Users are advised to apply the patch promptly. As a temporary workaround, disabling vulnerable servlets in the “web.xml” file can mitigate the risk of exploitation. Cybersecurity firm Tenable reported the vulnerability and has released a proof-of-concept exploit demonstrating its impact.