CVE-2026-7672 | youlaitech youlai-boot up to 2.21.1 Users Endpoint UserController.java getUserList order sql injection

A vulnerability, which was classified as critical, was found in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection.

This vulnerability is traded as CVE-2026-7672. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-7672 | youlaitech youlai-boot up to 2.21.1 Users Endpoint UserController.java getUserList order sql injection

Post correlati

CVE-2024-8792 | Subscribe to Comments Plugin up to 2.3 on WordPress cross site scripting

CVE-2025-24565 | Saleswonder Team Tobias WP2LEADS Plugin up to 3.3.3 on WordPress cross site scripting

CVE-2024-31756 | MarvinTest Solutions Hardware Access Driver up to 5.0.3.0 Hw65.sys Local Privilege Escalation

CVE-2025-52923 | Sangfor aTrust 2.4.10 ExecStartPre Command permission assignment (EUVD-2025-18829)