CVE-2026-1050
Published: 17 January 2026
Summary
CVE-2026-1050 is an Injection (CWE-74) vulnerability. The base score listed here is 6.9 (Medium); note that the CVSS v3.1 vector given in the analysis below scores 7.3, which is High under v3.1 (the 6.9 figure presumably comes from a different scoring version, which this page does not state), so the severity label depends on which score is used.
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 5.3rd percentile by exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SC-7 (Boundary Protection).
Deeper analysis
CVE-2026-1050 is a SQL injection vulnerability affecting risesoft-y9 Digital-Infrastructure versions up to 9.6.7. The flaw is in an unidentified function in the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java, which belongs to the REST Authenticate Endpoint component. It is associated with CWE-74 and CWE-89.
The vulnerability can be exploited remotely by unauthenticated attackers with low attack complexity and no user interaction, as the CVSS v3.1 base score of 7.3 (High; AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) indicates. Successful exploitation yields limited (Low-rated) impact on confidentiality, integrity, and availability through SQL injection. Because the affected code sits in the authentication path and is reachable before any login, the practical concern is authentication bypass or data extraction from the user store, although the advisory does not state the exact outcome. An exploit has been published and may be used.
References, including the GitHub issue risesoft-y9/Digital-Infrastructure/issues/2 and the VulDB entry (ctiid.341603, id.341603), show that the project was informed early via an issue report but has not responded. No patches or specific mitigations are detailed in the advisories.
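The advisory does not identify the affected function or show its code, so the following is an added, generic illustration of the bug class (CWE-89) in an authentication query, written here in Python against an in-memory SQLite table rather than taken from the project's Java code. The users table, the credentials, the username allowlist and the bypass payload are all constructed for the example. It shows why "validation and sanitization" alone is the wrong mental model: the concatenated query accepts a comment-out payload, the parameterized query does not, and input validation is layered on top as defence in depth.

```python
import re
import sqlite3

# Assumed allowlist for usernames (illustrative; the project's rules are not known).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.@-]{1,64}")

# Constructed test input: closes the string literal and comments out the rest of
# the WHERE clause, so the password comparison never runs.
BYPASS_PAYLOAD = "admin' --"


def make_db():
    """Constructed in-memory user table with sample data (not from the project).
    Passwords are stored in clear text only to keep the injection visible; a
    real service stores a salted hash and compares it in application code."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct horse battery staple')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """CWE-89 pattern: untrusted input is concatenated into the SQL text, so the
    caller controls the statement structure, not just the compared values."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    """Same query with bound parameters: the driver sends values separately from
    the SQL text, so quotes and comment markers in input stay inert."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def login_validated(conn, username, password):
    """SI-10 in practice: reject structurally invalid usernames before any
    database access, then still bind parameters. Validation narrows the attack
    surface and gives a clean event to log; parameterization is the actual fix."""
    if USERNAME_RE.fullmatch(username) is None:
        return False
    return login_parameterized(conn, username, password)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, bypass payload  :", login_vulnerable(db, BYPASS_PAYLOAD, "wrong"))
    print("parameterized, same payload :", login_parameterized(db, BYPASS_PAYLOAD, "wrong"))
    print("validated, same payload     :", login_validated(db, BYPASS_PAYLOAD, "wrong"))
```

The same split applies in Java: a `Statement` built by string concatenation is the vulnerable shape, a `PreparedStatement` with bound parameters is the fix. Whether Y9PlatformUtil.java uses either is not something the advisory says; the point is that any fix must change how the query is constructed, not just filter the input.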
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-3133
Vulnerability details
A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to SQL injection. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Related Threats
MITRE ATT&CK Enterprise Techniques (AI-generated)
- Exploit Public-Facing Application (T1190)
Why these techniques?
Direct, remote, unauthenticated exploitation of a public REST authentication endpoint via SQL injection gives an attacker initial access.
Mitigating Controls (NIST 800-53 r5) (AI-generated)
- SI-10 (Information Input Validation): validate all input reaching the REST Authenticate Endpoint and pass it to the database only through parameterized queries, which removes the SQL injection primitive in Y9PlatformUtil.java regardless of payload. Input filtering alone is not a fix for CWE-89.
- SC-7 (Boundary Protection): boundary controls such as WAF rules or input filtering at the network edge can inspect and drop known SQLi payloads aimed at the unauthenticated endpoint. Treat this as a compensating control while no patch exists; it is signature-based and can be evaded with encoding or syntax variants.
- Continuous monitoring of application traffic and database queries can surface anomalous SQL syntax (quote and comment sequences, tautologies, stacked statements) in authentication parameters, and database error patterns that indicate exploitation attempts against the vulnerable endpoint.
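As an added example for the monitoring item above (not code from the page or the project), here is a small Python detector that runs over web server access logs for the authentication endpoint and flags requests whose parameters carry SQL syntax, recording server errors on the same request as a second indicator. The log lines are constructed, the combined-log format is assumed, and the path /api/authenticate is a placeholder, since the advisory names the "REST Authenticate Endpoint" component but not its URL.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample access-log lines (combined-style; not real traffic).
# /api/authenticate is a placeholder for the endpoint the advisory does not name.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Jan/2026:10:00:01 +0000] "POST /api/authenticate?username=alice&password=x HTTP/1.1" 200 512
203.0.113.9 - - [17/Jan/2026:10:00:02 +0000] "POST /api/authenticate?username=admin%27+--&password=x HTTP/1.1" 200 512
203.0.113.9 - - [17/Jan/2026:10:00:03 +0000] "POST /api/authenticate?username=a%27+OR+%271%27%3D%271&password=x HTTP/1.1" 500 231
198.51.100.7 - - [17/Jan/2026:10:00:04 +0000] "GET /static/app.js?v=2026-01-17 HTTP/1.1" 200 9001
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Signatures for SQL syntax that has no business in a username or password:
# comment sequences, quote-delimited tautologies, stacked statements, UNION SELECT.
SQLI_PATTERNS = [
    re.compile(r"--|/\*"),
    re.compile(r"'\s*(or|and)\s+'?\w*'?\s*=", re.I),
    re.compile(r";\s*(select|insert|update|delete|drop)\b", re.I),
    re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I),
]


def suspicious_params(target):
    """Return {param: decoded value} for query parameters matching a signature.
    parse_qs decodes once; the extra unquote_plus catches double-encoded payloads."""
    hits = {}
    for name, values in parse_qs(urlsplit(target).query, keep_blank_values=True).items():
        for value in values:
            decoded = unquote_plus(value)
            if any(p.search(decoded) for p in SQLI_PATTERNS):
                hits[name] = decoded
    return hits


def scan(log_text, watched_path="/api/authenticate"):
    """Alert on requests to the watched path whose parameters look like SQLi.
    A 5xx on the same request is recorded too: database errors raised by
    malformed injected SQL are the error-pattern indicator described above."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or urlsplit(m["target"]).path != watched_path:
            continue
        hits = suspicious_params(m["target"])
        if hits:
            alerts.append({
                "ip": m["ip"],
                "time": m["ts"],
                "status": int(m["status"]),
                "server_error": m["status"].startswith("5"),
                "params": hits,
            })
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Two caveats for production use: POST bodies are not in the access log, so the same parameter check has to run in the application or WAF layer where the body is visible, and the comment-sequence signature will fire on legitimate values that contain `--`, so pair it with the allowlist the endpoint itself should enforce and alert on the combination of a signature hit and a database error rather than on either alone.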