Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
SQL injection in YunaiV yudao-cloud up to version 2026.01 allows authenticated remote attackers to execute arbitrary SQL queries via the toMail parameter in the /admin-api/system/mail-log/page endpoint, enabling data exfiltration and potential database manipulation. The vulnerability carries a CVSS score of 5.1 with moderate confidentiality and integrity impact. Public exploit code is available, and the vendor has not responded to early disclosure efforts, leaving organizations dependent on self-patching or workarounds.
Technical ContextAI
The vulnerability is a SQL injection (CWE-74) affecting the yudao-cloud application framework, a cloud-native microservices platform. The flaw exists in the mail logging API endpoint (/admin-api/system/mail-log/page) where user-supplied input in the toMail parameter is insufficiently sanitized before being incorporated into database queries. SQL injection of this type typically occurs when dynamic SQL is constructed through string concatenation without parameterized queries or proper input validation, allowing attackers to break out of the intended query context and inject malicious SQL commands. The attack surface is the administrative API layer, which handles system mail log retrieval functionality.
RemediationAI
No vendor-released patch has been identified at time of analysis. Organizations should immediately implement the following defensive measures: (1) Restrict access to the /admin-api/system/mail-log/page endpoint to only trusted administrative networks using firewall or API gateway rules; (2) Audit administrative accounts and revoke unnecessary high-privilege credentials to minimize the attack surface; (3) Monitor database query logs for suspicious SQL patterns in mail-log-related queries; (4) Consider disabling or isolating the mail logging feature if not actively used. Contact YunaiV through alternative channels to request security updates. If the vendor remains unresponsive, evaluate migration to maintained alternatives or implement a Web Application Firewall (WAF) rule set to detect and block SQL injection payloads targeting the toMail parameter.
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17216
GHSA-mvcq-rxc9-9pvf