SQL Injection Vulnerability in xianrendzw EasyReport
CVE-2026-9524

5.3 MEDIUM

Key Information:

Vendor: Xianrendzw
CVE Published: 26 May 2026

What is CVE-2026-9524?

A SQL injection vulnerability has been identified in xianrendzw EasyReport, in the execute function of the REST Endpoint component. The flaw arises from improper handling of the reportParams argument: by manipulating this argument, a remote attacker can execute unauthorized queries against the database. Despite early notification, the vendor has not responded to the disclosure, leaving users potentially exposed to attacks.

Affected Version(s)

EasyReport 2.0.17.0522_Beta

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ku4D3 (VulDB User)
VulDB CNA Team