CVE-2026-1050 | risesoft-y9 Digital-Infrastructure up to 9.6.7 REST Authenticate Endpoint Y9PlatformUtil.java sql injection

A vulnerability, which was classified as critical, was found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection.

This vulnerability is tracked as CVE-2026-1050. The attack can be launched remotely. Moreover, an exploit is present.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-1050 | risesoft-y9 Digital-Infrastructure up to 9.6.7 REST Authenticate Endpoint Y9PlatformUtil.java sql injection

Post correlati

CVE-2024-1170 | Post Form Plugin up to 2.8.7 on WordPress Media Deletion authorization

CVE-2025-26533 | Moodle up to 4.1.15/4.3.9/4.4.5/4.5.1 Module List Filter sql injection

CVE-2024-51741 | Redis up to 7.2.6/7.4.1 ACL Selector denial of service (GHSA-prpq-rh5h-46g9)

CVE-2025-13554 | Campcodes Supplier Management System 1.0 Login /index.php txtUsername sql injection