A vulnerability categorized as critical has been discovered in Chatwoot up to 4.11.1 . Affected by this vulnerability is the function is_greater_than of the file /api/v1/accounts/{account_id}/conversations/filter of the component Custom Attributes Handler . The manipulation of the argument values results in sql injection. This vulnerability is reported as CVE-2026-44706 . The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.