CVE-2026-9464 | YunaiV yudao-cloud 2026.03 Admin API Endpoint create IotDataSinkHttpConfig server-side request forgery

A vulnerability, which was classified as critical, was found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such manipulation leads to server-side request forgery.

This vulnerability is traded as CVE-2026-9464. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More