CVE-2026-1050

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions risesoft-y9 Digital-Infrastructure versions up to 9.6.7

Description A flaw exists in risesoft-y9 Digital-Infrastructure up to version 9.6.7. The issue affects an unknown function within the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the REST Authenticate Endpoint component. A manipulation can lead to SQL injection, and the attack can be launched remotely. The exploit has been published. The project was informed of the issue but has not responded.

Recommendations Update risesoft-y9 Digital-Infrastructure to a version later than 9.6.7.

Exploit

Fix

SQL injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89CWE-74

Related Identifiers

CVE-2026-1050

GHSA-VHCX-7RPG-HP39

Affected Products

Risesoft-Y9 Digital-Infrastructure

CVE-2026-1050

Weakness Enumeration

Related Identifiers

Affected Products

References · 14