CVE-2026-2621 | Sciyon Koyuan Thermoelectricity Heat Network Management System AsyncTreeProxy.aspx sql injection

Inserito da Angelo Barbosa | Feb 17, 2026 | CVE

A vulnerability identified as critical has been detected in Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0. This affects an unknown part of the file /SISReport/WebReport20/Proxy/AsyncTreeProxy.aspx. The manipulation of the argument PGUID leads to sql injection.

This vulnerability is documented as CVE-2026-2621. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2621 | Sciyon Koyuan Thermoelectricity Heat Network Management System AsyncTreeProxy.aspx sql injection

Post correlati

CVE-2024-6298 | ABB ASPECT-Enterprise/NEXUS/MATRIX up to 3.08.01 on Linux input validation

CVE-2025-68338 | Linux Kernel up to 6.12.60/6.17.10 ksz_irq_free uninitialized pointer

CVE-2026-1335 | Dassault Systèmes SOLIDWORKS eDrawings 2025/2026 EPRT File Parser out-of-bounds write

CVE-2024-44552 | Tenda AX1806 1.0.0.1 formGetIptv adv.iptv.stballvlans stack-based overflow