LOW
YunaiV
CVE published 2026-05-25
CVE-2026-9464
A Server-Side Request Forgery (SSRF) vulnerability exists in the YunaiV yudao-cloud platform, specifically within the IotDataSinkHttpConfig function accessible via the /admin-api/iot/data-sink/create Admin API endpoint. The vulnerability was published on 2026-05-25 and last modified on 2026-05-26. The issue allows remote attackers to manipulate the affected function to perform unauthorized server-side req [truncated]