CVE Catalog

CVE-2026-11561

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.05%

15th percentile — higher than 15% of all known CVEs

Summary

CVE-2026-11561 describes an improper neutralization of special elements used in expression language statements, allowing for code injection in Apinizer software by Soagen Informatics Technologies Software and Consulting Inc.

Risk Assessment

Exploitation of this vulnerability could lead to unauthorized code execution, posing a significant threat to the security of the system and the organization's data.

Recommendation

It is recommended to update Apinizer software to version 2026.04.6 or later to mitigate this vulnerability.

Original NVD description (English source)

Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection. This issue affects Apinizer: from 2026.04.0 before 2026.04.6.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS