Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Apinizer by Soagen Informatics Technologies Software and Consulting Inc.
CVE-2026-11561 (GCVE-0-2026-11561)
Vulnerability from nvd – Published: 2026-06-11 12:28 – Updated: 2026-06-12 08:38
VLAI
Title
SSTI in Soagen Informatics' Apinizer
Summary
Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection.
This issue affects Apinizer: from 2026.04.0 before 2026.04.6.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-917 - Improper neutralization of special elements used in an expression language statement ('expression language injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Soagen Informatics Technologies Software and Consulting Inc. | Apinizer |
Affected:
2026.04.0 , < 2026.04.6
(custom)
|
Date Public
2026-06-11 12:10
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11561",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-11T13:55:57.991756Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T13:56:29.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apinizer",
"vendor": "Soagen Informatics Technologies Software and Consulting Inc.",
"versions": [
{
"lessThan": "2026.04.6",
"status": "affected",
"version": "2026.04.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alperen KESK\u0130N"
}
],
"datePublic": "2026-06-11T12:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper neutralization of special elements used in an expression language statement (\u0027expression language injection\u0027) vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection.\u003cp\u003eThis issue affects Apinizer: from 2026.04.0 before 2026.04.6.\u003c/p\u003e"
}
],
"value": "Improper neutralization of special elements used in an expression language statement (\u0027expression language injection\u0027) vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection.\n\nThis issue affects Apinizer: from 2026.04.0 before 2026.04.6."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-917",
"description": "CWE-917 Improper neutralization of special elements used in an expression language statement (\u0027expression language injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T08:38:05.509Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0365"
}
],
"source": {
"advisory": "TR-26-0365",
"defect": [
"TR-26-0365"
],
"discovery": "UNKNOWN"
},
"title": "SSTI in Soagen Informatics\u0027 Apinizer",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-11561",
"datePublished": "2026-06-11T12:28:27.520Z",
"dateReserved": "2026-06-08T07:41:39.025Z",
"dateUpdated": "2026-06-12T08:38:05.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11561 (GCVE-0-2026-11561)
Vulnerability from cvelistv5 – Published: 2026-06-11 12:28 – Updated: 2026-06-12 08:38
VLAI
Title
SSTI in Soagen Informatics' Apinizer
Summary
Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection.
This issue affects Apinizer: from 2026.04.0 before 2026.04.6.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-917 - Improper neutralization of special elements used in an expression language statement ('expression language injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Soagen Informatics Technologies Software and Consulting Inc. | Apinizer |
Affected:
2026.04.0 , < 2026.04.6
(custom)
|
Date Public
2026-06-11 12:10
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11561",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-11T13:55:57.991756Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T13:56:29.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apinizer",
"vendor": "Soagen Informatics Technologies Software and Consulting Inc.",
"versions": [
{
"lessThan": "2026.04.6",
"status": "affected",
"version": "2026.04.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alperen KESK\u0130N"
}
],
"datePublic": "2026-06-11T12:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper neutralization of special elements used in an expression language statement (\u0027expression language injection\u0027) vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection.\u003cp\u003eThis issue affects Apinizer: from 2026.04.0 before 2026.04.6.\u003c/p\u003e"
}
],
"value": "Improper neutralization of special elements used in an expression language statement (\u0027expression language injection\u0027) vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection.\n\nThis issue affects Apinizer: from 2026.04.0 before 2026.04.6."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-917",
"description": "CWE-917 Improper neutralization of special elements used in an expression language statement (\u0027expression language injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T08:38:05.509Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0365"
}
],
"source": {
"advisory": "TR-26-0365",
"defect": [
"TR-26-0365"
],
"discovery": "UNKNOWN"
},
"title": "SSTI in Soagen Informatics\u0027 Apinizer",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-11561",
"datePublished": "2026-06-11T12:28:27.520Z",
"dateReserved": "2026-06-08T07:41:39.025Z",
"dateUpdated": "2026-06-12T08:38:05.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}