CVE-2026-1050: risesoft-y9 Digital-Infrastructure has a SQL injection vulnerability

January 17, 2026 (updated January 20, 2026)

A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

github.com/advisories/GHSA-vhcx-7rpg-hp39
github.com/risesoft-y9/Digital-Infrastructure
github.com/risesoft-y9/Digital-Infrastructure/issues/2
nvd.nist.gov/vuln/detail/CVE-2026-1050
vuldb.com/?ctiid.341603
vuldb.com/?id.341603
vuldb.com/?submit.731010

Code Behaviors & Features

Detect and mitigate CVE-2026-1050 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →