CVE-2026-9437 | DTStack Taier 1.4.0 REST API Runtime.exec sqlText os command injection

Inserito da Angelo Barbosa | Mag 24, 2026 | CVE

A vulnerability has been found in DTStack Taier 1.4.0 and classified as critical. This affects the function Runtime.exec of the component REST API. The manipulation of the argument sqlText leads to os command injection.

This vulnerability is uniquely identified as CVE-2026-9437. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-9437 | DTStack Taier 1.4.0 REST API Runtime.exec sqlText os command injection

Post correlati

CVE-2026-43285 | Linux Kernel up to 6.18.15/6.19.5 slab get_from_any_partial deadlock

CVE-2021-47371 | Linux Kernel up to 5.14.8 nexthop unregister_nexthop_notifier memory leak (741760fa6252/3106a0847525)

CVE-2024-33867 | linqi up to 1.4.0.0 on Windows hard-coded password

CVE-2024-7373 | SourceCodester Simple Realtime Quiz System 1.0 ajax.php id sql injection