CVE-2026-7023 | ByteDance coze-studio up to 0.5.1 databaseTool database_impl.go ExecuteSQL sql injection

A vulnerability marked as critical has been reported in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/database_impl.go of the component databaseTool. Performing a manipulation results in sql injection.

This vulnerability is identified as CVE-2026-7023. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-7023 | ByteDance coze-studio up to 0.5.1 databaseTool database_impl.go ExecuteSQL sql injection

Post correlati

CVE-2024-33763 | lunasvg 2.3.9 layoutcontext.cpp stack-based overflow

CVE-2023-46384 | LOYTEC LINX Configurator 7.4.10 cleartext storage in the registry

CVE-2024-6953 | itsourcecode Tailoring Management System 1.0 sms.php customer sql injection

CVE-2024-1360 | Colibri WP Plugin up to 1.0.94 on WordPress Limited Plugin Installation cross-site request forgery