CVE-2026-9466 | Tiandy Easy7 Integrated Management Platform 7.17.0 API Endpoint updateUserPassword password recovery

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0 and classified as critical. This issue affects some unknown processing of the file /rest/user/updateUserPassword of the component API Endpoint. Executing a manipulation can lead to weak password recovery.

This vulnerability is handled as CVE-2026-9466. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More