https://feed.craftedsignal.io/tags/cve-2026-5147/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioMon, 30 Mar 2026 19:16:27 +0000https://feed.craftedsignal.io/briefs/2026-03-yudao-sql-injection/Mon, 30 Mar 2026 19:16:27 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-yudao-sql-injection/A remote SQL injection vulnerability (CVE-2026-5147) exists in YunaiV yudao-cloud up to version 2026.01 via the Website argument in the /admin-api/system/tenant/get-by-website endpoint, allowing unauthenticated attackers to potentially execute arbitrary SQL queries.A security flaw, identified as CVE-2026-5147, has been discovered in YunaiV yudao-cloud software, specifically versions up to 2026.01. The vulnerability resides in the /admin-api/system/tenant/get-by-website endpoint, where manipulation of the Website argument can lead to SQL injection. This allows for potential remote exploitation without requiring authentication. The vulnerability was reported to the vendor, but no response or patch has been provided. Publicly available exploit code…

]]>highadvisorycve-2026-5147sql-injectionweb-application