CVE-2026-40131 — SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploit — CVE Database · The Intelligence Room