CVE-2026-11561
published 2026-06-11CVE-2026-11561: Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics…
PriorityP259critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.42%
33.4th percentile
Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection.
This issue affects Apinizer: from 2026.04.0 before 2026.04.6.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| soagen_informatics_technologies_software_and_consulting_inc | apinizer | >= 2026.04.0 < 2026.04.6 | 2026.04.6 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Soagen Apinizer up to 2026.04.5 Expression Language Statement expression language injection (EUVD-2026-36238)
vuldb·2026-06-11·CVSS 5.3
CVE-2026-11561 [MEDIUM] Soagen Apinizer up to 2026.04.5 Expression Language Statement expression language injection (EUVD-2026-36238)
A vulnerability marked as problematic has been reported in Soagen Apinizer up to 2026.04.5. Affected by this vulnerability is an unknown functionality of the component Expression Language Statement Handler. This manipulation causes improper neutralization of special elements used in an expression language statement.
This vulnerability is handled as CVE-2026-11561. The attack can be initiated remotely. There is not any exploit available.
It is suggested to upgrade the affected component.
GHSA
Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc.
ghsa_unreviewed·2026-06-11
CVE-2026-11561 [MEDIUM] CWE-917 Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc.
Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection.
This issue affects Apinizer: from 2026.04.0 before 2026.04.6.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-11
Published