CVE-2026-9466

EUVD-2026-31698

25.05.2026, 16:16

A vulnerability was determined in Tiandy Easy7 Integrated Management Platform 7.17.0. This issue affects some unknown processing of the file /rest/user/updateUserPassword of the component API Endpoint. Executing a manipulation can lead to weak password recovery. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 8%

Common Weakness Enumeration

CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

References

https://ucn9h68n9289.feishu.cn/wiki/DRghw6X8piOtClkjBkHcfgvtnPx?from=from_copylink

https://vuldb.com/submit/813990

https://vuldb.com/vuln/365447

https://vuldb.com/vuln/365447/cti