CVE-2026-11561
9.8 CRITICALImproper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in S...
Published: 2026-06-11 · Last updated: 2026-06-12
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-917
Description
Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection. This issue affects Apinizer: from 2026.04.0 before 2026.04.6.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-40985 — Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions (6.4 MEDIUM)
- CVE-2026-41729 — Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-pat... (8.1 HIGH)
- CVE-2026-41719 — A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query met... (6.4 MEDIUM)
- CVE-2026-41717 — Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability (8.1 HIGH)
- CVE-2026-8888 — Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular... (7.5 HIGH)