CVE-2026-1130 is a SQL injection vulnerability affecting Yonyou KSOA version 9.0, a business management software widely used in enterprise environments. The vulnerability resides in the HTTP GET parameter handler for the /worksheet/worksadd_plan.jsp endpoint, where the 'ID' parameter is improperly sanitized, allowing attackers to inject malicious SQL queries. This flaw can be exploited remotely without any authentication or user interaction, making it highly accessible to attackers. The injection can lead to unauthorized data access, modification, or deletion, potentially compromising the confidentiality, integrity, and availability of the backend database. The CVSS 4.0 score of 6.9 reflects a medium severity level, with network attack vector, low attack complexity, and no privileges or user interaction required. Although the vendor was notified early, no patch or official response has been provided, and public exploit code is available, increasing the risk of exploitation. The vulnerability affects only version 9.0 of KSOA, and no information about other versions is provided. Given the nature of SQL injection, attackers could leverage this flaw to extract sensitive business data, escalate privileges, or disrupt services. The lack of vendor response and patch availability necessitates immediate defensive measures by affected organizations.

The impact of CVE-2026-1130 on organizations can be significant. Successful exploitation allows attackers to execute arbitrary SQL commands on the backend database, potentially leading to unauthorized disclosure of sensitive corporate data, including financial records, employee information, and intellectual property. Data integrity may be compromised through unauthorized modifications or deletions, which can disrupt business operations and damage trust. Availability could also be affected if attackers execute destructive queries or cause database crashes. Since the vulnerability requires no authentication or user interaction, it can be exploited by remote attackers with minimal effort, increasing the likelihood of attacks. The public availability of exploit code further raises the risk of widespread exploitation. Organizations relying on Yonyou KSOA 9.0, especially in sectors handling sensitive data, face increased exposure to data breaches, regulatory penalties, and reputational harm. The absence of vendor patches means organizations must rely on compensating controls to mitigate risk until a fix is available.

To mitigate CVE-2026-1130, organizations should implement multiple layers of defense. First, deploy web application firewalls (WAFs) configured to detect and block SQL injection attempts targeting the vulnerable endpoint and parameter. Second, apply strict input validation and sanitization on all user-supplied data, especially the 'ID' parameter in the /worksheet/worksadd_plan.jsp request, using allowlists and parameterized queries where possible. Third, restrict direct internet access to the affected application by placing it behind VPNs or internal networks and segmenting the network to limit attacker lateral movement. Fourth, monitor logs and network traffic for unusual database queries or access patterns indicative of exploitation attempts. Fifth, maintain regular backups of critical databases to enable recovery in case of data corruption or deletion. Finally, engage with Yonyou for updates or patches and plan for timely application once available. Organizations should also consider conducting penetration testing focused on SQL injection to identify and remediate similar vulnerabilities proactively.