CVE-2026-1121

Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0

Description A flaw exists in Yonyou KSOA 9.0 related to the HTTP GET Parameter Handler component and the file /worksheet/del workplan.jsp. Specifically, manipulating the ID argument can lead to a SQL injection condition. This issue is remotely exploitable, and details about the exploit have been publicly disclosed. The vendor was notified but did not provide a response.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.