CVE-2026-7023
Published: 26 April 2026
Summary
CVE-2026-7023 is an injection vulnerability (CWE-74, specifically SQL injection, CWE-89) in ByteDance Coze Studio (coze-studio). The CVSS v3.1 vector reported for it, AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L, computes to a base score of 6.3 (Medium); the 2.1 (Low) figure carried in earlier summaries of this entry is not consistent with that vector.
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 28.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-7023 is a SQL injection vulnerability affecting ByteDance coze-studio versions up to 0.5.1. The issue resides in the ExecuteSQL function in the file backend/domain/memory/database/service/database_impl.go of the databaseTool component. Caller-controlled input reaching this function is incorporated into the SQL statement without adequate validation or parameterization, which is the defining condition of SQL injection (classified under CWE-74 and CWE-89). The CVSS v3.1 base score is 6.3 (Medium), vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.
The vulnerability can be exploited remotely by an attacker holding low privileges, with no user interaction required. Per the vector, successful exploitation has a Low impact on each of confidentiality, integrity, and availability: injected SQL can read data the caller should not see, modify it, or disrupt database operations, within whatever rights the application's database account holds.
VulDB's advisory documents the issue and notes that the vendor was contacted early about the disclosure but did not respond. No patch or official mitigation is mentioned. A proof-of-concept exploit is publicly available via a GitHub Gist.
The exploit was made public alongside the vulnerability itself on 2026-04-26, which lowers the bar for attackers and shortens the window defenders have before opportunistic exploitation.
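To make the flaw pattern concrete, here is a hypothetical Go query builder written for this page, in the vulnerable shape the advisory describes (caller-controlled text spliced into a statement) next to a hardened form. It is not coze-studio's ExecuteSQL, which the advisory does not reproduce; the table and column names, the allow-list, the "?" placeholder convention and the payload strings are all constructed for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Hypothetical query builder for a tool that lets a caller read a memory
// table. It is NOT coze-studio's ExecuteSQL; it only reproduces the shape of
// the flaw the advisory describes (caller-controlled text spliced into SQL).

// BuildQueryUnsafe splices the caller's table, column and value straight into
// the statement text, so quotes and semicolons in `value` become SQL syntax.
func BuildQueryUnsafe(table, column, value string) string {
	return fmt.Sprintf("SELECT * FROM %s WHERE %s = '%s'", table, column, value)
}

// identRe accepts a plain SQL identifier; anything containing spaces, quotes,
// semicolons or operators is rejected before it reaches the statement.
var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]{0,63}$`)

// allowedColumns is a constructed allow-list; a real service would derive it
// from the schema the current user is permitted to query.
var allowedColumns = map[string]map[string]bool{
	"user_memory": {"id": true, "owner_id": true, "note": true},
}

// BuildQuerySafe keeps identifiers on an allow-list (identifiers cannot be
// bound as parameters) and returns the value as a bound parameter, which a
// database/sql driver sends to the server separately from the statement text.
func BuildQuerySafe(table, column, value string) (string, []any, error) {
	cols, ok := allowedColumns[table]
	if !ok || !identRe.MatchString(table) {
		return "", nil, fmt.Errorf("table %q is not permitted", table)
	}
	if !cols[column] || !identRe.MatchString(column) {
		return "", nil, fmt.Errorf("column %q is not permitted", column)
	}
	query := fmt.Sprintf("SELECT * FROM %s WHERE %s = ?", table, column)
	return query, []any{value}, nil
}

// SplitStatements splits SQL text on semicolons that sit outside single-quoted
// strings. It is a small illustration helper (not a SQL parser) used to show
// how many statements a built query actually contains.
func SplitStatements(sql string) []string {
	var out []string
	var cur strings.Builder
	inString := false
	flush := func() {
		if s := strings.TrimSpace(cur.String()); s != "" {
			out = append(out, s)
		}
		cur.Reset()
	}
	for _, r := range sql {
		switch {
		case r == '\'':
			inString = !inString
			cur.WriteRune(r)
		case r == ';' && !inString:
			flush()
		default:
			cur.WriteRune(r)
		}
	}
	flush()
	return out
}

func main() {
	payload := "x'; DROP TABLE user_memory; --" // constructed stacked-query payload
	unsafeQ := BuildQueryUnsafe("user_memory", "owner_id", payload)
	fmt.Printf("unsafe: %s\n  -> %d statement(s)\n", unsafeQ, len(SplitStatements(unsafeQ)))

	query, args, err := BuildQuerySafe("user_memory", "owner_id", payload)
	fmt.Printf("safe:   %s args=%q err=%v\n  -> %d statement(s)\n", query, args, err, len(SplitStatements(query)))

	_, _, err = BuildQuerySafe("user_memory; DROP TABLE user_memory", "owner_id", "v")
	fmt.Printf("identifier attack: err=%v\n", err)
}
```

The point of the split helper is to show what the vector's "Low" impact ratings hide: with the unsafe builder the same payload yields a second, attacker-chosen statement, while the safe builder yields one statement and the payload survives only as an inert bound value. Note that parameter binding covers values only; table and column names still need the allow-list, which is why both checks appear.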
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-25698
Vulnerability details
A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/database_impl.go of the component databaseTool. Performing a manipulation results in SQL injection. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote SQL injection in an application component reachable over the network directly enables T1190 Exploit Public-Facing Application: the injection point serves as the initial-access vector, and the injected SQL provides the follow-on database manipulation.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly prevents SQL injection by requiring validation of all inputs to the vulnerable ExecuteSQL function in database_impl.go, with parameterized statements rather than string-built SQL for any caller-supplied values.
- SI-2 (Flaw Remediation): mandates timely identification, reporting, and correction of the SQL injection flaw in the coze-studio databaseTool component; since no vendor fix is mentioned, this currently means tracking the issue and applying compensating controls until one exists.
- RA-5 (Vulnerability Monitoring and Scanning): enables detection of the SQL injection vulnerability through regular scanning of deployed coze-studio instances, including version checks against the affected range (up to 0.5.1).