{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7023", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-25T13:56:49.168Z", "datePublished": "2026-04-26T06:30:15.273Z", "dateUpdated": "2026-04-27T17:00:29.181Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-26T06:30:15.273Z"}, "title": "ByteDance coze-studio databaseTool database_impl.go ExecuteSQL sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "SQL Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "ByteDance", "product": "coze-studio", "versions": [{"version": "0.5.0", "status": "affected"}, {"version": "0.5.1", "status": "affected"}], "modules": ["databaseTool"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/database_impl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-25T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-25T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-25T16:01:55.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Eric-b (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/359602", "name": "VDB-359602 | ByteDance coze-studio databaseTool database_impl.go ExecuteSQL sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/359602/cti", "name": "VDB-359602 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/797644", "name": "Submit #797644 | coze-dev coze-studio <= 0.5.1 SQL Injection (CWE-89) / Improper Input Validation (CWE-20)", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/YLChen-007/272fe62967b42259ed767d109615030a", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T17:00:13.538739Z", "id": "CVE-2026-7023", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T17:00:29.181Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "ByteDance coze-studio databaseTool database_impl.go ExecuteSQL sql injection", "credits": [{"lang": "en", "type": "reporter", "value": "Eric-b (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "ByteDance", "modules": ["databaseTool"], "product": "coze-studio", "versions": [{"status": "affected", "version": "0.5.0"}, {"status": "affected", "version": "0.5.1"}]}], "timeline": [{"lang": "en", "time": "2026-04-25T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-25T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-25T16:01:55.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/359602", "name": "VDB-359602 | ByteDance coze-studio databaseTool database_impl.go ExecuteSQL sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/359602/cti", "name": "VDB-359602 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/797644", "name": "Submit #797644 | coze-dev coze-studio <= 0.5.1 SQL Injection (CWE-89) / Improper Input Validation (CWE-20)", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/YLChen-007/272fe62967b42259ed767d109615030a", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/database_impl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "SQL Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-26T06:30:15.273Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-7023", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-27T17:00:13.538739Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-04-27T17:00:24.086Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-7023", "state": "PUBLISHED", "dateUpdated": "2026-04-26T06:30:15.273Z", "dateReserved": "2026-04-25T13:56:49.168Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-26T06:30:15.273Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:coze:coze_studio:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EE38B52-20E4-44EF-A165-A1A7FF506F40", "versionEndIncluding": "0.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/database_impl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2026-7023", "lastModified": "2026-05-01T20:27:25.330", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-26T07:16:03.050", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/YLChen-007/272fe62967b42259ed767d109615030a"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/submit/797644"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/vuln/359602"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/vuln/359602/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.5.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.5.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "coze-studio", "source": "cna", "vendor": "ByteDance"}, "product": "coze-studio", "vendor": "bytedance"}], "analysis": {"en": {"generated_at": "2026-04-28T05:23:22.186871+00:00", "value": {"mitigation_remediation": ["Upgrade ByteDance coze\u2011studio to the latest released version once the vendor releases a fix.", "Limit network access to the database and coze\u2011studio management interfaces using firewalls or subnet segmentation.", "If code changes are possible, refactor the ExecuteSQL implementation to use parameterized queries and validate or sanitize all user\u2011supplied input before incorporating it into SQL statements."], "summary": {"action": "Patch immediately", "impact": "Remote SQL Injection"}, "threat_synthesis": {"affected_systems": "ByteDance coze\u2011studio is the affected product, with versions through 0.5.1 vulnerable. No other vendors or products are listed as impacted.", "description_and_impact": "The vulnerability resides in the ExecuteSQL function within the databaseTool component of ByteDance coze-studio, affecting all releases up to 0.5.1. When an attacker supplies crafted input, the function will concatenate that input directly into a SQL statement, enabling the attacker to execute arbitrary SQL commands on the underlying database. This flaw can lead to reading, modifying, or deleting sensitive data stored in the database, and potentially granting further privileges if the database user has higher-level permissions. The weakness is rooted in the improper handling of untrusted input (CWE\u201174 and CWE\u201189).", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity, and the EPSS score of less than 1% shows a low but non\u2011zero probability of exploitation. The vulnerability can be triggered remotely, and an exploit is publicly available, raising the practical risk. The system is not listed in the CISA KEV catalog, so it is not known to be widely exploited yet, but its remote nature and public visibility warrant timely remediation."}}}}, "created": "2026-04-27T19:52:34.245260+00:00", "updated": "2026-04-28T05:30:23.355425+00:00", "vendors": ["bytedance", "bytedance$PRODUCT$coze-studio"]}