CVE-2026-5033 is a SQL injection (CVSS 7.3) in code-projects Accounting System 1.0 affecting the /view_costumer.php endpoint, exploitable by unauthenticated attackers with a public exploit available; EPSS is at the 5.77th percentile and no CISA KEV listing exists, indicating limited observed exploitation at publication time. Organizations should restrict network access to any running instance immediately, apply WAF rules blocking SQL metacharacter injection on the cos_id parameter, and monitor the upstream repository for a patch; if no vendor patch is issued, this application should be added to the end-of-life/unsupported software register and evaluated for replacement.