CVE-2026-8827 — The AddressRepository::getSqlQuery() method constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension itself — CVE Database · The Intelligence Room