CVE-2026-3969 (CVSS 7.3, CWE-89) is a SQL injection vulnerability in FeMiner WMS 1.0 via the unsanitized ‘Name’ parameter in the department management module, with a public exploit available and no vendor patch issued as of this reporting date. EPSS is low (7.57th percentile) but public exploit availability lowers the exploitation barrier regardless of current observed activity. Organizations running FeMiner WMS 1.0 should restrict access to the vulnerable endpoint via WAF rule or network ACL immediately and evaluate whether continued production use without an upstream patch is acceptable given the vendor’s non-response to disclosure.