CVE-2026-11561

Published Jun 11, 2026

Last updated 2 days ago

CVSS critical 9.8

Overview

Description
Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection. This issue affects Apinizer: from 2026.04.0 before 2026.04.6.
Source
iletisim@usom.gov.tr
NVD status
Deferred

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

iletisim@usom.gov.tr
CWE-917

Social media

Hype score
Not currently trending

References

Sources include official advisories and independent security research.