Executive Summary
Internal security review identified instances of SQL injection vulnerabilities in the Netwrix Endpoint Protector server application. These vulnerabilities could allow an authenticated or unauthenticated attacker to execute arbitrary SQL commands, potentially leading to unauthorized data access, data manipulation, privilege escalation or remote code execution.
Users of Netwrix Endpoint Protector are advised to update to the latest version immediately. Netwrix is unaware of any evidence of active exploitation of these vulnerabilities.
Vulnerability
| Title | Affected Component | Affected Versions | CVSS 4.0 Score | CVSS 3.1 Score (Base / Temporal) | Description |
|---|---|---|---|---|---|
| Improper Neutralization of Special Elements used in an SQL Command | Endpoint Protector Server | <=2601.0.1.0 | 9.3 | 9.8 / 8.8 | Multiple instances of insufficient SQL query sanitization were identified across the application that could allow authenticated attackers to execute arbitrary SQL commands, leading to unauthorized data access, modification of application data, or privilege escalation. |
Exploitability
Factors such as whether details about the vulnerability are publicly known, whether an exploit is readily available, or whether adversaries are actively exploiting the vulnerability are valuable in making risk-based judgments about urgency and priority; customers should use the information below in making those decisions.
| Title | Publicly known? | Exploit available? | Actively exploited? |
|---|---|---|---|
| Improper Neutralization of Special Elements used in an SQL Command | No | No | No |
Solution
All Netwrix Endpoint Protector customers are advised to update Endpoint Protector to version 2601.0.1.0 or later as soon as possible.
Please contact the Netwrix technical support team should you need assistance.
Official Fixes
Updated software has been released containing official fixes for the vulnerabilities as indicated in the table below.
| Product | Release Version |
|---|---|
| Netwrix Endpoint Protector | 2601.0.1.0 |
FAQ
- How do I determine which version of Netwrix Endpoint Protector is in use?
  The Netwrix Endpoint Protector server version number can be seen in the lower-right corner of the application window.
- Are there any configuration changes required after updating?
  No additional configuration changes are required. The fixes are automatically applied upon updating to the remediated version.
Revisions
Updates to this advisory may be made as necessary. Information about each change will be published in the table below.
| Revision | Date | Description |
|---|---|---|
| 1 | 2026-01-15T13:00:00Z | First published |
Disclaimer
The information and materials included in or linked to this Security Advisory are provided on an “as-is” basis and without warranty of any kind, and we disclaim all representations and warranties of any kind, whether express or implied, including warranties of merchantability and fitness for a particular use. You acknowledge and agree that your use of the information and materials included in or linked to this Security Advisory are at your own risk.