CVE-2026-1129: SQL Injection in Yonyou KSOA
CVE-2026-1129 is a SQL injection vulnerability found in Yonyou KSOA version 9.0, specifically in the /worksheet/worksadd.jsp component handling the HTTP GET parameter 'ID'. This flaw allows unauthenticated remote attackers to manipulate the 'ID' parameter to execute arbitrary SQL commands on the backend database. The vulnerability has a CVSS 4.0 base score of 6.9, indicating medium severity, with no authentication or user interaction required. Although the vendor has not responded or issued a patch, a public exploit is available, increasing the risk of exploitation. The vulnerability impacts confidentiality, integrity, and availability of affected systems by enabling data leakage, unauthorized data modification, or denial of service. European organizations using Yonyou KSOA 9.
AI Analysis
Technical Summary
CVE-2026-1129 is a SQL injection vulnerability identified in Yonyou KSOA version 9.0, business management software widely used in enterprise resource planning (ERP) contexts. The vulnerability resides in the HTTP GET parameter handler of the /worksheet/worksadd.jsp file, where the 'ID' parameter is improperly sanitized, allowing attackers to inject malicious SQL code. This injection flaw can be exploited remotely without requiring any authentication or user interaction, making it highly accessible to attackers. Successful exploitation can lead to unauthorized access to sensitive data, modification or deletion of database records, and potential disruption of service. The vulnerability has a CVSS 4.0 score of 6.9, reflecting a medium severity level, with the attack vector being network-based and no privileges or user interaction needed. Despite early notification, the vendor Yonyou has not responded or issued a patch, and a public exploit is now available, increasing the risk of widespread attacks. The vulnerability affects the confidentiality, integrity, and availability of systems running the affected software version. Given the critical role of ERP systems in managing business operations, exploitation could have significant operational and financial consequences. The lack of vendor remediation necessitates immediate defensive measures by organizations using Yonyou KSOA 9.0 to mitigate potential exploitation risks.
Potential Impact
For European organizations, this vulnerability poses a significant risk to the security and stability of business-critical ERP systems. Exploitation could lead to unauthorized disclosure of sensitive corporate data, including financial records, employee information, and operational details, undermining confidentiality. Integrity of data could be compromised through unauthorized modifications or deletions, potentially disrupting business processes and decision-making. Availability may also be affected if attackers leverage the vulnerability to cause denial-of-service conditions or corrupt database contents. Given that Yonyou KSOA is used in sectors such as manufacturing, finance, and supply chain management, the impact could extend to operational disruptions and financial losses. The public availability of an exploit increases the likelihood of attacks, including automated scanning and exploitation attempts. The absence of vendor patches means organizations must rely on compensating controls, increasing the operational burden and risk exposure. Regulatory compliance risks also arise if personal or sensitive data is compromised, potentially leading to GDPR violations and associated penalties.
Mitigation Recommendations
1. Implement strict input validation and sanitization for the 'ID' parameter at the application or web server level to block malicious SQL payloads.
2. Deploy and configure Web Application Firewalls (WAFs) with updated rules to detect and block SQL injection attempts targeting the vulnerable endpoint.
3. Restrict network access to the affected application components by segmenting the network and limiting exposure to trusted IP addresses only.
4. Monitor logs and network traffic for unusual or suspicious activity related to the /worksheet/worksadd.jsp endpoint, including repeated or malformed requests.
5. Conduct internal code reviews and penetration testing to identify and remediate similar injection flaws in other parts of the application.
6. Engage with Yonyou support channels persistently to obtain official patches or guidance.
7. Prepare incident response plans specific to SQL injection exploitation scenarios to minimize impact if an attack occurs.
8. Consider temporarily disabling or restricting access to the vulnerable functionality, if feasible, until a patch is available.
9. Educate development and security teams about secure coding practices to prevent future injection vulnerabilities.
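Recommendations 1 and 4 above can be combined into one detection check: apply an allow-list to the 'ID' parameter of requests to /worksheet/worksadd.jsp and count the sources that fail it. The following is an added example, not code from the advisory or from Yonyou; it assumes combined-format web server access logs and that a legitimate 'ID' is a plain integer (the page gives no schema for the parameter), and the log lines are constructed sample data.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter named in the advisory.
VULN_PATH = "/worksheet/worksadd.jsp"
PARAM = "ID"
# Assumed allow-list: a legitimate ID is a short decimal integer.
ID_OK = re.compile(r"^[0-9]{1,10}$")
# Combined log format: client IP, timestamp, request line, status; other fields ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')


def check_request(target):
    """Return None if the request is not for the endpoint or passes the
    allow-list, otherwise a short reason string for the finding."""
    parts = urlsplit(target)
    if parts.path != VULN_PATH:
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM)
    if not values:
        return "missing ID"  # endpoint hit without its expected parameter
    for v in values:  # parse_qs returns all copies (parameter pollution)
        v = unquote(v)  # parse_qs decoded once; decode again to catch double-encoding
        if not ID_OK.match(v):
            return f"non-numeric ID: {v!r}"
    return None


def scan_log(lines):
    """Return (findings, hits): one finding per suspicious request and a
    per-client-IP count, so repeated probing stands out."""
    findings, hits = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        reason = check_request(m["target"])
        if reason:
            hits[m["ip"]] += 1
            findings.append((m["ip"], m["ts"], m["target"], reason))
    return findings, hits


# Constructed sample log lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Jan/2026:00:41:45 +0000] "GET /worksheet/worksadd.jsp?ID=1024 HTTP/1.1" 200 512',
    '203.0.113.7 - - [19/Jan/2026:00:41:50 +0000] "GET /worksheet/worksadd.jsp?ID=1024%27 HTTP/1.1" 500 0',
    '198.51.100.9 - - [19/Jan/2026:00:42:01 +0000] "GET /worksheet/worksadd.jsp?ID=1024%2527 HTTP/1.1" 200 512',
    '198.51.100.9 - - [19/Jan/2026:00:42:05 +0000] "GET /worksheet/other.jsp?ID=abc HTTP/1.1" 200 100',
    '198.51.100.9 - - [19/Jan/2026:00:42:09 +0000] "GET /worksheet/worksadd.jsp HTTP/1.1" 200 100',
]
```

Run `scan_log(SAMPLE_LOG)` to get the three flagged requests and the per-IP counts; the same allow-list regex is what the application-side validation in recommendation 1 would enforce before the value reaches any query.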
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-01-18T07:13:36.202Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 696d7dc9d302b072d9105174
Added to database: 1/19/2026, 12:41:45 AM
Last enriched: 1/26/2026, 8:05:32 PM
Last updated: 2/7/2026, 1:21:27 AM