CVE-2026-4232
Published: 16 March 2026
Summary
CVE-2026-4232 is a medium-severity Injection (CWE-74) vulnerability in Feishu (inferred from references). Its CVSS base score is 6.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 13.1st percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-4232 is a SQL injection vulnerability affecting Tiandy Integrated Management Platform version 7.17.0. The flaw resides in an unknown functionality of the /rest/user/getAuthorityByUserId endpoint, where manipulation of the userId argument triggers the injection. It is classified under CWE-74 and CWE-89, with a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and lack of prerequisites.
The vulnerability enables remote exploitation without authentication, user interaction, or high complexity. Attackers can launch the attack over the network, potentially achieving limited impacts on confidentiality, integrity, and availability, such as unauthorized data access, modification, or disruption via injected SQL payloads.
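As an added illustration of the flaw class described above (not code from the affected product, whose schema and handler are unknown), the following Python snippet contrasts a handler that concatenates the userId parameter into SQL text with a hardened handler that validates the parameter as an integer (the input validation SI-10 calls for) and then binds it as a query parameter. The table, column names and rows are constructed for the demo.

```python
import re
import sqlite3

# Constructed demo schema (assumption: an integer user id mapped to an authority level).
def build_demo_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user_authority (user_id INTEGER PRIMARY KEY, username TEXT, authority TEXT)"
    )
    conn.executemany(
        "INSERT INTO user_authority VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "operator"), (3, "carol", "viewer")],
    )
    return conn


# Vulnerable pattern: the request parameter becomes part of the SQL text, so the
# caller controls the query structure rather than just a value.
def get_authority_vulnerable(conn: sqlite3.Connection, raw_user_id: str) -> list:
    sql = (
        "SELECT user_id, username, authority FROM user_authority WHERE user_id = "
        + raw_user_id
    )
    return conn.execute(sql).fetchall()


# Hardened pattern, step 1: strict allow-list validation of the parameter shape.
_USER_ID_RE = re.compile(r"[0-9]{1,10}")


def is_valid_user_id(raw_user_id: str) -> bool:
    return _USER_ID_RE.fullmatch(raw_user_id) is not None


# Hardened pattern, step 2: the value is bound as a parameter, never spliced into SQL.
def get_authority_hardened(conn: sqlite3.Connection, user_id: int) -> list:
    return conn.execute(
        "SELECT user_id, username, authority FROM user_authority WHERE user_id = ?",
        (user_id,),
    ).fetchall()


# Request-handler shape (hypothetical): returns an HTTP-like status and the rows.
# Invalid input is rejected with 400 before any database access happens.
def handle_get_authority(conn: sqlite3.Connection, raw_user_id: str) -> tuple:
    if not is_valid_user_id(raw_user_id):
        return 400, []
    rows = get_authority_hardened(conn, int(raw_user_id))
    return (200, rows) if rows else (404, [])


if __name__ == "__main__":
    db = build_demo_db()
    tautology = "1 OR 1=1"  # classic textbook probe, constructed for the demo
    print("vulnerable, normal id :", get_authority_vulnerable(db, "2"))
    print("vulnerable, tautology :", get_authority_vulnerable(db, tautology))
    print("hardened,   normal id :", handle_get_authority(db, "2"))
    print("hardened,   tautology :", handle_get_authority(db, tautology))
```

Validation and parameter binding are complementary: binding alone stops the injection, but rejecting malformed ids up front keeps the database from ever seeing them and gives the web tier a clear 400 to log and alert on.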
Advisories from VulDB detail the issue, confirming the exploit has been publicly disclosed and is available for use. The vendor was notified early regarding disclosure but provided no response, with no patches or official mitigations mentioned in available references as of publication on 2026-03-16.
Notable context includes the public availability of the exploit, increasing the risk of active utilization against unpatched instances of the affected platform.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-12381
Vulnerability details
A vulnerability was determined in Tiandy Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /rest/user/getAuthorityByUserId. Executing a manipulation of the argument userId can lead to SQL injection. The attack may be launched remotely.…
The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SQL injection in an unauthenticated, public web endpoint (/rest/user/getAuthorityByUserId) directly enables remote exploitation of a public-facing application for initial access and limited data manipulation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
SI-10 (Information Input Validation): directly validates the userId input parameter to block SQL injection exploitation in the /rest/user/getAuthorityByUserId endpoint.
Mandates timely patching or correction of the specific SQL injection flaw in Tiandy IMP 7.17.0 to eliminate remote exploitability.
RA-5 (Vulnerability Monitoring and Scanning): enables vulnerability scanning to identify and prioritize the SQL injection vulnerability for remediation before public exploit utilization.
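Until a vendor fix exists, the monitoring side of these controls comes down to spotting requests to the affected endpoint whose userId is not the integer the endpoint should accept. The following Python snippet is an added example, not tooling from the advisory or the vendor: it parses access-log lines in the common log format (assumed; adjust the regex for the platform's actual log layout), restricts to the endpoint named on this page, and reports any request whose userId parameter fails the same numeric check a hardened handler would apply. The log lines are constructed for the demo.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

WATCHED_PATH = "/rest/user/getAuthorityByUserId"  # endpoint named in the advisory
NUMERIC_ID = re.compile(r"[0-9]{1,10}")

# Common log format, assumed for the demo: ip ident user [ts] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample traffic: one normal request, one tautology probe, one unrelated
# path, one malformed (possibly benign) id that validation would also reject.
SAMPLE_LOG = [
    '203.0.113.10 - - [16/Mar/2026:10:01:02 +0000] "GET /rest/user/getAuthorityByUserId?userId=42 HTTP/1.1" 200 512',
    '203.0.113.10 - - [16/Mar/2026:10:01:05 +0000] "GET /rest/user/getAuthorityByUserId?userId=42%27%20OR%201%3D1-- HTTP/1.1" 200 9140',
    '198.51.100.7 - - [16/Mar/2026:10:02:11 +0000] "GET /rest/user/list HTTP/1.1" 200 300',
    '198.51.100.7 - - [16/Mar/2026:10:02:40 +0000] "GET /rest/user/getAuthorityByUserId?userId=abc HTTP/1.1" 500 87',
]


def analyze_line(line: str):
    """Return an alert dict for a suspicious request to the watched endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # unparseable line: not this rule's job
    target = urlsplit(m.group("target"))
    if target.path != WATCHED_PATH:
        return None
    # keep_blank_values so 'userId=' (empty) is still inspected and flagged
    params = parse_qs(target.query, keep_blank_values=True)
    for raw in params.get("userId", []):
        if NUMERIC_ID.fullmatch(raw) is None:
            return {
                "src": m.group("ip"),
                "ts": m.group("ts"),
                "status": int(m.group("status")),
                "userId": raw,
            }
    return None


def scan(lines) -> list:
    """Run the rule over an iterable of log lines and collect alerts."""
    return [alert for alert in map(analyze_line, lines) if alert is not None]


def count_by_source(alerts) -> dict:
    """Aggregate alerts per client address to surface repeated probing."""
    return dict(Counter(alert["src"] for alert in alerts))


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
    print(count_by_source(scan(SAMPLE_LOG)))
```

The rule deliberately flags every non-numeric userId rather than matching injection keywords: that mirrors the input validation the endpoint itself should perform, is immune to encoding tricks that keyword lists miss, and turns a malformed-but-benign id into a cheap triage item rather than a missed detection. A 200 response with an unusually large body on a flagged request, as in the second sample line, is the combination worth escalating first.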