CVE-2026-11561
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk15th percentile — higher than 15% of all known CVEs
Summary
CVE-2026-11561 describes an improper neutralization of special elements used in expression language statements, allowing for code injection in Apinizer software by Soagen Informatics Technologies Software and Consulting Inc.
Risk Assessment
Exploitation of this vulnerability could lead to unauthorized code execution, posing a significant threat to the security of the system and the organization's data.
Recommendation
It is recommended to update Apinizer software to version 2026.04.6 or later to mitigate this vulnerability.
Original NVD description (English source)
Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection. This issue affects Apinizer: from 2026.04.0 before 2026.04.6.

