Skip to main content

Apinizer

1 CVEs product

Monthly

CVE-2026-11561 CRITICAL PATCH Act Now

Expression language injection in Soagen Informatics' Apinizer API management platform versions 2026.04.0 through 2026.04.5 allows remote unauthenticated attackers to inject malicious EL expressions that the server evaluates, resulting in arbitrary code execution. The flaw was reported by Turkey's national CERT (TR-CERT) and carries a CVSS 9.8 critical rating, though SSVC currently indicates no observed exploitation and no public exploit identified at time of analysis. A vendor patch is available in version 2026.04.6.

Code Injection Apinizer
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Expression language injection in Soagen Informatics' Apinizer API management platform versions 2026.04.0 through 2026.04.5 allows remote unauthenticated attackers to inject malicious EL expressions that the server evaluates, resulting in arbitrary code execution. The flaw was reported by Turkey's national CERT (TR-CERT) and carries a CVSS 9.8 critical rating, though SSVC currently indicates no observed exploitation and no public exploit identified at time of analysis. A vendor patch is available in version 2026.04.6.

Code Injection Apinizer
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy