CVE-2026-9568 | ThingsBoard up to 4.3.1.1 YAML /api/v1/provision getGatewayDockerComposeFile code injection (ID 15550)

A vulnerability was found in ThingsBoard up to 4.3.1.1. It has been classified as critical. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection.

The identification of this vulnerability is CVE-2026-9568. It is possible to initiate the attack remotely. There is no exploit available.

The project was informed of the problem early through a pull request but has not reacted yet.

CVE-2026-9568 | ThingsBoard up to 4.3.1.1 YAML /api/v1/provision getGatewayDockerComposeFile code injection (ID 15550)

Post correlati

CVE-2024-14026 | QNAP QTS/QuTS hero os command injection (qsa-24-54)

CVE-2024-8496 | Ivanti Workspace Control up to 10.6.30.0 default permission

CVE-2026-3969 | FeMiner wms up to 1.0 Basic Organizational Structure depart_add_bg.php Name sql injection

CVE-2025-11026 | givanz Vvveb up to 1.0.7.2 Configuration File information disclosure