CVE-2026-4287
Published: 17 March 2026
Summary
CVE-2026-4287 is a medium-severity Injection (CWE-74) vulnerability in Feishu (inferred from references). Its CVSS base score is 6.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 13.1st percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-4287 is a SQL injection vulnerability (CWE-74, CWE-89) affecting Tiandy Easy7 Integrated Management Platform version 7.17.0. The issue occurs in an unknown function of the /rest/devStatus/queryResources file within the Endpoint component, where manipulation of the areaId argument triggers the injection.
The vulnerability enables remote exploitation by unauthenticated attackers over the network, with low attack complexity and no requirement for user interaction (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L, base score 7.3). Successful attacks can result in limited impacts to confidentiality, integrity, and availability.
Advisories from VulDB indicate that an exploit has been publicly released and may be used for attacks. The vendor was contacted early regarding disclosure but provided no response, and no patches or mitigations are mentioned in available references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-12529
Vulnerability details
A security flaw has been discovered in Tiandy Easy7 Integrated Management Platform 7.17.0. The affected element is an unknown function of the file /rest/devStatus/queryResources of the component Endpoint. Performing a manipulation of the argument areaId results in SQL injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SQL injection in a remotely accessible web endpoint (/rest/devStatus/queryResources) of a public-facing management platform directly enables unauthenticated remote exploitation with no user interaction required, mapping to initial access via public-facing application exploitation. No other techniques are directly facilitated given the limited C/I/A impacts and lack of RCE or specific post-exploitation primitives described.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly prevents SQL injection attacks by requiring validation and sanitization of inputs like the areaId parameter in the /rest/devStatus/queryResources endpoint.
- SI-2 (Flaw Remediation): Ensures timely identification, reporting, and correction of the specific SQL injection flaw in Tiandy Easy7 version 7.17.0.
- Enables detection of the SQL injection vulnerability through scanning and subsequent remediation to address the publicly disclosed exploit.
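As an added illustration (not code from the advisory, from VulDB, or from Tiandy), the handler pattern that SI-10 calls for on the areaId argument described in the Deeper analysis section: allowlist-validate the value, then bind it as a query parameter instead of splicing it into the statement. The CWE-89 pattern is shown beside it for contrast. The table, column names, sample rows and SQLite backend are constructed assumptions; the real Easy7 schema and code are not published here.

```python
import re
import sqlite3

# Constructed sample table standing in for the platform's resource store;
# the real Easy7 schema is not described in the advisory.
_SCHEMA = """
CREATE TABLE resources (id INTEGER PRIMARY KEY, area_id INTEGER, name TEXT, status TEXT);
INSERT INTO resources VALUES (1, 10, 'cam-lobby', 'online');
INSERT INTO resources VALUES (2, 10, 'cam-gate', 'offline');
INSERT INTO resources VALUES (3, 20, 'cam-yard', 'online');
"""

# Allowlist for areaId: a short decimal integer and nothing else (SI-10).
_AREA_ID_RE = re.compile(r"[0-9]{1,10}")

class InvalidAreaId(ValueError):
    """Raised when the areaId request argument fails the allowlist check."""

def validate_area_id(raw) -> int:
    """Reject anything that is not a plain decimal id before it reaches SQL."""
    if not isinstance(raw, str) or _AREA_ID_RE.fullmatch(raw) is None:
        raise InvalidAreaId(f"rejected areaId: {raw!r}")
    return int(raw)

def is_valid_area_id(raw) -> bool:
    try:
        validate_area_id(raw)
        return True
    except InvalidAreaId:
        return False

def query_resources_vulnerable(conn, area_id_param: str):
    """CWE-89 pattern the advisory describes: the request argument is spliced
    into the statement text, so whatever it contains is parsed as SQL."""
    sql = f"SELECT id, name, status FROM resources WHERE area_id = {area_id_param}"
    return conn.execute(sql).fetchall()

def query_resources(conn, area_id_param: str):
    """Hardened handler: validate first, then bind the value as a parameter
    so the driver never interprets it as part of the statement."""
    area_id = validate_area_id(area_id_param)
    sql = "SELECT id, name, status FROM resources WHERE area_id = ? ORDER BY id"
    return conn.execute(sql, (area_id,)).fetchall()

def make_db():
    """In-memory SQLite database loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(_SCHEMA)
    return conn
```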