A critical, unauthenticated SQL injection flaw affects Raera's Destekz web product through build 02062026, and the vendor has confirmed the product is no longer supported.
What Is It
CVE-2026-4321 is an SQL injection vulnerability (CWE-89) caused by improper neutralization of special elements used in an SQL command. It affects Destekz, a product from Raera - Ankara Web Design and Digital Advertising Agency. The flaw allows an attacker to inject arbitrary SQL. The CVE was assigned by USOM, Turkey's national cyber incident response center.
Why It Matters
The vulnerability carries a CVSS 3.1 base score of 9.8 (CRITICAL), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. It is exploitable over the network with low attack complexity, requires no privileges, and needs no user interaction. Successful exploitation carries HIGH impact to confidentiality, integrity, and availability, meaning an attacker could read, alter, or destroy the underlying database. The supplied KEV data contains no entry, so there is no confirmation of active exploitation in CISA's Known Exploited Vulnerabilities catalog at this time.
What's Vulnerable
- Vendor: Raera - Ankara Web Design and Digital Advertising Agency
- Product: Destekz
- Affected versions: all versions through build 02062026 (version "0" up to and including 02062026)
The NVD record lists no specific affected CPEs.
Patch Status
There is no fix. The record is tagged unsupported-when-assigned, and the description notes: "The vendor was contacted and it was learned that the product is not supported." Because the product is end-of-life and unsupported, no vendor patch is expected. Organizations still running Destekz should treat retirement or removal of the product as the primary remediation, since continued use leaves an unpatched, network-exploitable critical flaw exposed. The CVE remains in "Received" status as of publication.
Sources
- NVD, CVE-2026-4321: https://nvd.nist.gov/vuln/detail/CVE-2026-4321
- USOM / siberguvenlik.gov.tr advisory TR-26-0488: https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0488