CVE-2026-1133: SQL Injection in Yonyou KSOA
CVE-2026-1133 is a medium severity SQL injection vulnerability in Yonyou KSOA version 9. 0, specifically in the /kmf/folder. jsp HTTP GET parameter handler via the folderid argument. The vulnerability allows unauthenticated remote attackers to manipulate SQL queries, potentially leading to data leakage or modification. The vendor has not responded to disclosure, and no official patches are available. Exploitation does not require user interaction or privileges, but the impact on confidentiality, integrity, and availability is limited to low. Although no known exploits are currently observed in the wild, the public disclosure increases risk. European organizations using Yonyou KSOA 9. 0 should prioritize mitigation to prevent potential attacks. Countries with significant adoption of Yonyou products and critical industries relying on them are at higher risk.
AI Analysis
Technical Summary
CVE-2026-1133 identifies a SQL injection vulnerability in Yonyou KSOA 9.0, a business software platform widely used for enterprise resource planning and office automation. The vulnerability resides in the HTTP GET parameter handler of the /kmf/folder.jsp file, where the folderid parameter is improperly sanitized, allowing an attacker to inject malicious SQL code. This injection can be exploited remotely without authentication or user interaction, enabling attackers to manipulate backend database queries. Potential consequences include unauthorized data access, data modification, or disruption of service. The CVSS 4.0 base score is 6.9 (medium), reflecting the ease of exploitation and limited impact scope. The vendor was notified early but has not issued any patches or advisories, leaving systems exposed. No known active exploitation has been reported yet, but the public disclosure and availability of exploit details increase the likelihood of future attacks. The vulnerability affects only version 9.0 of KSOA, so organizations running other versions may not be impacted. Given the critical role of KSOA in managing enterprise data, exploitation could lead to significant business disruptions or data breaches if leveraged by attackers.
Potential Impact
For European organizations, this vulnerability poses a moderate risk primarily to confidentiality and integrity of enterprise data managed by Yonyou KSOA 9.0. Attackers could extract sensitive business information or alter records, potentially impacting financial operations, compliance, and decision-making processes. Availability impact is limited but possible if attackers execute disruptive SQL commands. The lack of vendor response and patches increases exposure time, raising the risk of exploitation especially in sectors with high reliance on Yonyou products such as manufacturing, finance, and government agencies. Data privacy regulations like GDPR heighten the consequences of data breaches resulting from this vulnerability. Organizations with remote-facing KSOA instances are particularly vulnerable to automated scanning and exploitation attempts. The medium severity rating suggests that while the vulnerability is serious, it is not critical, but still requires timely attention to prevent escalation.
Mitigation Recommendations
Since no official patches are available, European organizations should implement immediate compensating controls. These include deploying web application firewalls (WAFs) with custom rules to detect and block SQL injection attempts targeting the folderid parameter in /kmf/folder.jsp. Conduct thorough input validation and sanitization on all user-supplied parameters within KSOA if possible. Restrict network access to the KSOA web interface to trusted IP ranges and enforce strong authentication and authorization controls to reduce exposure. Monitor logs for suspicious query patterns or repeated access attempts to the vulnerable endpoint. Consider isolating the affected application in a segmented network zone to limit lateral movement. Engage with Yonyou support channels for updates and plan for an upgrade or patch deployment once available. Regularly back up critical data to enable recovery in case of compromise. Finally, conduct security awareness training for IT staff to recognize and respond to exploitation attempts.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland, Sweden, Austria
CVE-2026-1133: SQL Injection in Yonyou KSOA
Description
CVE-2026-1133 is a medium severity SQL injection vulnerability in Yonyou KSOA version 9. 0, specifically in the /kmf/folder. jsp HTTP GET parameter handler via the folderid argument. The vulnerability allows unauthenticated remote attackers to manipulate SQL queries, potentially leading to data leakage or modification. The vendor has not responded to disclosure, and no official patches are available. Exploitation does not require user interaction or privileges, but the impact on confidentiality, integrity, and availability is limited to low. Although no known exploits are currently observed in the wild, the public disclosure increases risk. European organizations using Yonyou KSOA 9. 0 should prioritize mitigation to prevent potential attacks. Countries with significant adoption of Yonyou products and critical industries relying on them are at higher risk.
AI-Powered Analysis
Technical Analysis
CVE-2026-1133 identifies a SQL injection vulnerability in Yonyou KSOA 9.0, a business software platform widely used for enterprise resource planning and office automation. The vulnerability resides in the HTTP GET parameter handler of the /kmf/folder.jsp file, where the folderid parameter is improperly sanitized, allowing an attacker to inject malicious SQL code. This injection can be exploited remotely without authentication or user interaction, enabling attackers to manipulate backend database queries. Potential consequences include unauthorized data access, data modification, or disruption of service. The CVSS 4.0 base score is 6.9 (medium), reflecting the ease of exploitation and limited impact scope. The vendor was notified early but has not issued any patches or advisories, leaving systems exposed. No known active exploitation has been reported yet, but the public disclosure and availability of exploit details increase the likelihood of future attacks. The vulnerability affects only version 9.0 of KSOA, so organizations running other versions may not be impacted. Given the critical role of KSOA in managing enterprise data, exploitation could lead to significant business disruptions or data breaches if leveraged by attackers.
Potential Impact
For European organizations, this vulnerability poses a moderate risk primarily to confidentiality and integrity of enterprise data managed by Yonyou KSOA 9.0. Attackers could extract sensitive business information or alter records, potentially impacting financial operations, compliance, and decision-making processes. Availability impact is limited but possible if attackers execute disruptive SQL commands. The lack of vendor response and patches increases exposure time, raising the risk of exploitation especially in sectors with high reliance on Yonyou products such as manufacturing, finance, and government agencies. Data privacy regulations like GDPR heighten the consequences of data breaches resulting from this vulnerability. Organizations with remote-facing KSOA instances are particularly vulnerable to automated scanning and exploitation attempts. The medium severity rating suggests that while the vulnerability is serious, it is not critical, but still requires timely attention to prevent escalation.
Mitigation Recommendations
Since no official patches are available, European organizations should implement immediate compensating controls. These include deploying web application firewalls (WAFs) with custom rules to detect and block SQL injection attempts targeting the folderid parameter in /kmf/folder.jsp. Conduct thorough input validation and sanitization on all user-supplied parameters within KSOA if possible. Restrict network access to the KSOA web interface to trusted IP ranges and enforce strong authentication and authorization controls to reduce exposure. Monitor logs for suspicious query patterns or repeated access attempts to the vulnerable endpoint. Consider isolating the affected application in a segmented network zone to limit lateral movement. Engage with Yonyou support channels for updates and plan for an upgrade or patch deployment once available. Regularly back up critical data to enable recovery in case of compromise. Finally, conduct security awareness training for IT staff to recognize and respond to exploitation attempts.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-01-18T07:13:54.296Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 696d99ead302b072d92fe5e8
Added to database: 1/19/2026, 2:41:46 AM
Last enriched: 1/26/2026, 8:06:55 PM
Last updated: 2/6/2026, 8:20:24 PM
Views: 40
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-2065: Missing Authentication in Flycatcher Toys smART Pixelator
MediumCVE-2026-25640: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in pydantic pydantic-ai
HighCVE-2026-25641: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition in nyariv SandboxJS
CriticalCVE-2026-25587: CWE-94: Improper Control of Generation of Code ('Code Injection') in nyariv SandboxJS
CriticalCVE-2026-25586: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in nyariv SandboxJS
CriticalActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.