CVE-2026-5147 in YunaiV yudao-cloud
要約 (英語)
A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
公開
2026年03月30日
エントリ
VulDB provides additional information and datapoints for this CVE:
| 識別子 | 脆弱性 | CWE | 悪用可 | 対策 | CVE |
|---|---|---|---|---|---|
| 354181 | YunaiV yudao-cloud get-by-website SQLインジェクション | 89 | 概念実証 | 未定義 | CVE-2026-5147 |