SSTI in Soagen Informatics’ Apinizer_CVE-2026-11561

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection.

This issue affects Apinizer: from 2026.04.0 before 2026.04.6.

Basic Information

ID CVE-2026-11561

Source TR-CERT

Published Jun 11, 2026 at 12:28

Affected Product

Vendor Soagen Informatics Technologies Software and Consulting Inc.

Product Apinizer

Version 2026.04.0

Affected Versions Soagen Informatics Technologies Software and Consulting Inc. Apinizer 2026.04.0

CWE Classification

CWE-917

References

siberguvenlik.gov.tr /guvenlik-bildirimleri/detay/tr-26-0365

{
    "lastseen": "",
    "description": "Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection.\n\nThis issue affects Apinizer: from 2026.04.0 before 2026.04.6.",
    "published": "2026-06-11T12:28:27.520Z",
    "modified": "2026-06-11T12:28:27.520Z",
    "type": "cve",
    "title": "SSTI in Soagen Informatics' Apinizer",
    "source": "TR-CERT",
    "references": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0365",
    "id": "CVE-2026-11561",
    "bulletinFamily": "",
    "cwe": [
        "CWE-917"
    ],
    "cvelist": null,
    "sourceData": "Soagen Informatics Technologies Software and Consulting Inc. Apinizer 2026.04.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apinizer",
    "version": "2026.04.0",
    "vendor": "Soagen Informatics Technologies Software and Consulting Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}