CVE-2026-9464 | YunaiV yudao-cloud 2026.03 Admin API Endpoint create IotDataSinkHttpConfig server-side request forgery

Inserito da Angelo Barbosa | Mag 24, 2026 | CVE

A vulnerability, which was classified as critical, was found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such manipulation leads to server-side request forgery.

This vulnerability is traded as CVE-2026-9464. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-9464 | YunaiV yudao-cloud 2026.03 Admin API Endpoint create IotDataSinkHttpConfig server-side request forgery

Post correlati

CVE-2024-38321 | IBM Business Automation Workflow 22.0.2/23.0.1/23.0.2/24.0.0 log file (XFDB-284868)

CVE-2022-49510 | Linux Kernel up to 5.17.13/5.18.2 omap_overlay.c null pointer dereference

CVE-2024-35307 | Artica Pandora FMS up to 776 Realtime Graph Extension argument injection

CVE-2025-9132 | Google Chrome up to 139.0.7258.127 V8 out-of-bounds write (ID 436181)