MEDIUM
Tiandy
CVE published 2026-05-25
CVE-2026-9466
A vulnerability in Tiandy Easy7 Integrated Management Platform 7.17.0 allows remote attackers to manipulate the /rest/user/updateUserPassword API endpoint, resulting in weak password recovery. The issue was published on 2026-05-25 and modified on 2026-05-26. The vendor was contacted but did not respond. The exploit has been publicly disclosed and may be utilized. CVSS 4.0 score: 5.5 (MEDIUM). CWE-640: Wea [truncated]