CVE-2026-5147 | YunaiV yudao-cloud up to 2026.01 get-by-website Website sql injection

A vulnerability categorized as critical has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in sql injection.

This vulnerability is known as CVE-2026-5147. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More