Cyber Resilience

CVE-2026-1050

Severity: Medium
Published: 17 January 2026
Modified: 15 April 2026
CVSS v4 score: 6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0002 (5.3rd percentile)
Risk priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-1050 is a medium-severity Injection (CWE-74) vulnerability. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its exploit likelihood ranks at the 5.3rd percentile (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2026-1050 is a SQL injection vulnerability affecting risesoft-y9 Digital-Infrastructure versions up to 9.6.7. The flaw exists in an unknown function within the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java, which is part of the REST Authenticate Endpoint component. It is associated with CWE-74 and CWE-89.

The vulnerability can be exploited remotely by unauthenticated attackers with low attack complexity and no requirement for user interaction, as indicated by its CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Successful exploitation allows limited impacts on confidentiality, integrity, and availability through SQL injection manipulation. An exploit has been published and may be used.

References, including GitHub issues at risesoft-y9/Digital-Infrastructure/issues/2 and VulDB entries (ctiid.341603, id.341603), show that the project was informed early via an issue report but has not responded. No patches or specific mitigations are detailed in the advisories.

Vulnerability details

A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to SQL injection. The attack can be launched remotely.…

The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct remote unauthenticated exploitation of a public REST authentication endpoint via SQL injection for initial access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-3150 (shared CWE-74, CWE-89)
CVE-2026-3746 (shared CWE-74, CWE-89)
CVE-2025-2683 (shared CWE-74, CWE-89)
CVE-2026-5238 (shared CWE-74, CWE-89)
CVE-2026-4288 (shared CWE-74, CWE-89)
CVE-2026-2220 (shared CWE-74, CWE-89)
CVE-2025-1535 (shared CWE-74, CWE-89)
CVE-2026-0597 (shared CWE-74, CWE-89)
CVE-2026-1688 (shared CWE-74, CWE-89)
CVE-2026-5018 (shared CWE-74, CWE-89)

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Directly requires validation and sanitization of all inputs to the REST Authenticate Endpoint, blocking the SQL injection manipulation in Y9PlatformUtil.java.

SC-7 Boundary Protection (prevent, detect): Boundary protection mechanisms such as WAF rules or input filtering at network interfaces can inspect and drop SQLi payloads targeting the unauthenticated endpoint.

Monitoring (detect): Continuous monitoring of application traffic and database queries can identify anomalous SQL syntax or error patterns indicative of exploitation attempts against the vulnerable endpoint.