LOW
DTStack
CVE published 2026-05-25
CVE-2026-9437
A command injection vulnerability exists in DTStack Taier 1.4.0, specifically within the Runtime.exec function of the REST API component. The vulnerability allows remote attackers to execute arbitrary operating system commands by manipulating the sqlText parameter. The CVSS 4.0 vector indicates network attack vector with low attack complexity, no required privileges, and low impact across confidentiality, [truncated]