CVE-2026-7023 - Vulnerability Details

- ByteDance coze-studio databaseTool database_impl.go ExecuteSQL sql injection

Description

A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/database_impl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-04-26

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability resides in the ExecuteSQL function within the databaseTool component of ByteDance coze-studio, affecting all releases up to 0.5.1. When an attacker supplies crafted input, the function will concatenate that input directly into a SQL statement, enabling the attacker to execute arbitrary SQL commands on the underlying database. This flaw can lead to reading, modifying, or deleting sensitive data stored in the database, and potentially granting further privileges if the database user has higher-level permissions. The weakness is rooted in the improper handling of untrusted input (CWE‑74 and CWE‑89).

Affected Systems

ByteDance coze‑studio is the affected product, with versions through 0.5.1 vulnerable. No other vendors or products are listed as impacted.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and the EPSS score of less than 1% shows a low but non‑zero probability of exploitation. The vulnerability can be triggered remotely, and an exploit is publicly available, raising the practical risk. The system is not listed in the CISA KEV catalog, so it is not known to be widely exploited yet, but its remote nature and public visibility warrant timely remediation.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

ByteDance

coze-studio

affected

Version	Status	Constraints
`0.5.0`	affected	—
`0.5.1`	affected	—

Configuration 1 [-]

cpe:2.3:a:coze:coze_studio:*:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Bytedance

Coze-studio

100%

Version	Status	Scheme	Platform
`0.5.0`	affected	semver	—
`0.5.1`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade ByteDance coze‑studio to the latest released version once the vendor releases a fix.
Limit network access to the database and coze‑studio management interfaces using firewalls or subnet segmentation.
If code changes are possible, refactor the ExecuteSQL implementation to use parameterized queries and validate or sanitize all user‑supplied input before incorporating it into SQL statements.

Generated by OpenCVE AI on April 28, 2026 at 05:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://gist.github.com/YLChen-007/272fe62967b42259ed767d109615030a
https://vuldb.com/submit/797644
https://vuldb.com/vuln/359602
https://vuldb.com/vuln/359602/cti

History

Fri, 01 May 2026 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Coze Coze coze Studio
CPEs		cpe:2.3:a:coze:coze_studio::::::::
Vendors & Products		Coze Coze coze Studio

Mon, 27 Apr 2026 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Bytedance Bytedance coze-studio
Vendors & Products		Bytedance Bytedance coze-studio

Mon, 27 Apr 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sun, 26 Apr 2026 07:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/database_impl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title		ByteDance coze-studio databaseTool database_impl.go ExecuteSQL sql injection
Weaknesses		CWE-74 CWE-89
References		https://gist.github.com/YLChen-007/272fe62967b42259ed767d109615030a https://vuldb.com/submit/797644 https://vuldb.com/vuln/359602 https://vuldb.com/vuln/359602/cti
Metrics		cvssV2_0 `{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Bytedance Coze-studio

Coze Coze Studio

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-04-26T06:30:15.273Z

Updated: 2026-04-27T17:00:29.181Z

Reserved: 2026-04-25T13:56:49.168Z

Link: CVE-2026-7023

Vulnrichment

Updated: 2026-04-27T17:00:24.086Z

NVD

Status : Analyzed

Published: 2026-04-26T07:16:03.050

Modified: 2026-05-01T20:27:25.330

Link: CVE-2026-7023

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T05:30:23Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object