Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Apinizer by Soagen Informatics Technologies Software and Consulting Inc.

    CVE-2026-11561 (GCVE-0-2026-11561)

    Vulnerability from nvd – Published: 2026-06-11 12:28 – Updated: 2026-06-12 08:38
    VLAI
    Title
    SSTI in Soagen Informatics' Apinizer
    Summary
    Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection. This issue affects Apinizer: from 2026.04.0 before 2026.04.6.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-917 - Improper neutralization of special elements used in an expression language statement ('expression language injection')
    Assigner
    References
    Impacted products
    Date Public
    2026-06-11 12:10
    Credits
    Alperen KESKİN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11561",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-11T13:55:57.991756Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-11T13:56:29.103Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apinizer",
              "vendor": "Soagen Informatics Technologies Software and Consulting Inc.",
              "versions": [
                {
                  "lessThan": "2026.04.6",
                  "status": "affected",
                  "version": "2026.04.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Alperen KESK\u0130N"
            }
          ],
          "datePublic": "2026-06-11T12:10:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper neutralization of special elements used in an expression language statement (\u0027expression language injection\u0027) vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection.\u003cp\u003eThis issue affects Apinizer: from 2026.04.0 before 2026.04.6.\u003c/p\u003e"
                }
              ],
              "value": "Improper neutralization of special elements used in an expression language statement (\u0027expression language injection\u0027) vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection.\n\nThis issue affects Apinizer: from 2026.04.0 before 2026.04.6."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-917",
                  "description": "CWE-917 Improper neutralization of special elements used in an expression language statement (\u0027expression language injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-12T08:38:05.509Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0365"
            }
          ],
          "source": {
            "advisory": "TR-26-0365",
            "defect": [
              "TR-26-0365"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "SSTI in Soagen Informatics\u0027 Apinizer",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2026-11561",
        "datePublished": "2026-06-11T12:28:27.520Z",
        "dateReserved": "2026-06-08T07:41:39.025Z",
        "dateUpdated": "2026-06-12T08:38:05.509Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11561 (GCVE-0-2026-11561)

    Vulnerability from cvelistv5 – Published: 2026-06-11 12:28 – Updated: 2026-06-12 08:38
    VLAI
    Title
    SSTI in Soagen Informatics' Apinizer
    Summary
    Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection. This issue affects Apinizer: from 2026.04.0 before 2026.04.6.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-917 - Improper neutralization of special elements used in an expression language statement ('expression language injection')
    Assigner
    References
    Impacted products
    Date Public
    2026-06-11 12:10
    Credits
    Alperen KESKİN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11561",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-11T13:55:57.991756Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-11T13:56:29.103Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apinizer",
              "vendor": "Soagen Informatics Technologies Software and Consulting Inc.",
              "versions": [
                {
                  "lessThan": "2026.04.6",
                  "status": "affected",
                  "version": "2026.04.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Alperen KESK\u0130N"
            }
          ],
          "datePublic": "2026-06-11T12:10:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper neutralization of special elements used in an expression language statement (\u0027expression language injection\u0027) vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection.\u003cp\u003eThis issue affects Apinizer: from 2026.04.0 before 2026.04.6.\u003c/p\u003e"
                }
              ],
              "value": "Improper neutralization of special elements used in an expression language statement (\u0027expression language injection\u0027) vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection.\n\nThis issue affects Apinizer: from 2026.04.0 before 2026.04.6."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-917",
                  "description": "CWE-917 Improper neutralization of special elements used in an expression language statement (\u0027expression language injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-12T08:38:05.509Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0365"
            }
          ],
          "source": {
            "advisory": "TR-26-0365",
            "defect": [
              "TR-26-0365"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "SSTI in Soagen Informatics\u0027 Apinizer",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2026-11561",
        "datePublished": "2026-06-11T12:28:27.520Z",
        "dateReserved": "2026-06-08T07:41:39.025Z",
        "dateUpdated": "2026-06-12T08:38:05.509Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }