Description
A vulnerability has been found in DTStack Taier 1.4.0. This affects the function Runtime.exec of the component REST API. The manipulation of the argument sqlText leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-25
Score: 5.3 Medium
EPSS: 1.4% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The reported issue stems from an unsafe use of Runtime.exec in the DTStack Taier REST API: the sqlText argument reaches an operating-system command without neutralization, so a remote attacker who can call the endpoint can inject arbitrary OS commands and execute code on the underlying host, potentially leading to full system compromise. The weakness is classified as command injection (CWE-77) and OS command injection (CWE-78) in the API's input handling. The analysis states that no particular authentication or privilege is required beyond the ability to send requests to the exposed REST endpoint; note, however, that the CVSS 3.x and 4.0 vectors recorded in the history below carry PR:L, which assumes a low-privileged account on the API.

Affected Systems

The flaw is present in DTStack Taier version 1.4.0. The vulnerability resides in the component that parses the sqlText parameter within the REST API layer. Users running this specific version of Taier are at risk unless they move to a later release in which the issue has been addressed. No other versions or sub‑components were identified as affected in the data provided.

Risk and Exploitability

The CVSS 4.0 score of 5.3 rates the flaw as Medium, and the EPSS score of 1.4% is low, indicating a low estimated probability of exploitation in the wild at this time. The attack can be carried out remotely through the exposed API, and because the vulnerability is publicly disclosed with a proof of concept (SSVC Exploitation: poc), a malicious actor could readily craft a payload. The vulnerability is not listed in CISA's KEV catalog, so the agency has not observed exploitation in the wild. Nevertheless, OS command injection warrants attention: any unfiltered input reaching the command could allow an attacker to run arbitrary commands with the privileges of the Taier service account.

Generated by OpenCVE AI on May 25, 2026 at 09:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a version of DTStack Taier that has incorporated the fix for the Runtime.exec injection vulnerability.
  • Implement input validation on the sqlText parameter to reject or sanitize characters that could form command separators or shell metacharacters.
  • Replace calls to Runtime.exec with safer alternatives such as ProcessBuilder, ensuring that arguments are passed as separate tokens and not concatenated into a single string.
  • Run the Taier service with the least privilege possible and configure a firewall rule to limit inbound connections to the REST endpoint only from trusted sources.
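As an added illustration of the ProcessBuilder recommendation above (example code, not Taier's own; the `sql-client` binary, its `--file` flag and the class name are hypothetical), the anti-pattern the advisory describes beside a hardened form that passes no untrusted text through a shell or through argv:

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.List;
import java.util.concurrent.TimeUnit;

/** Hypothetical illustration of the fix pattern; not Taier's code. */
public class SqlSubmit {

    // Anti-pattern: untrusted sqlText is concatenated into a command line that
    // /bin/sh parses, so shell metacharacters in it are interpreted as shell
    // syntax instead of being treated as SQL text.
    static Process submitUnsafe(String sqlText) throws IOException {
        return Runtime.getRuntime().exec(
            new String[] {"/bin/sh", "-c", "sql-client -e '" + sqlText + "'"});
    }

    // Hardened form: no shell is involved, each argv element is its own token,
    // and the SQL text is handed over through a private temp file, so it never
    // appears on a command line or in the process list. Assumes a POSIX
    // filesystem for the 0600 permission attribute.
    static int submitSafe(String sqlText) throws IOException, InterruptedException {
        Path tmp = Files.createTempFile("submit-", ".sql",
            PosixFilePermissions.asFileAttribute(
                PosixFilePermissions.fromString("rw-------")));
        try {
            Files.writeString(tmp, sqlText, StandardCharsets.UTF_8);
            ProcessBuilder pb = new ProcessBuilder(
                List.of("sql-client", "--file", tmp.toString()));  // hypothetical CLI
            pb.redirectErrorStream(true);
            Process p = pb.start();
            // Bound the child's lifetime so a hung job cannot pin the worker.
            if (!p.waitFor(60, TimeUnit.SECONDS)) {
                p.destroyForcibly();
                throw new IOException("sql-client timed out");
            }
            return p.exitValue();
        } finally {
            Files.deleteIfExists(tmp);
        }
    }
}
```

The hardened form removes the OS command injection only; sqlText is still untrusted input to the SQL engine and needs its own authorization and validation.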

Advisories

No advisories yet.

History

Tue, 26 May 2026 14:30:00 +0000

Type: Metrics
Values Removed: none
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 25 May 2026 08:15:00 +0000

Values Removed: none

Type: Description
Values Added: A vulnerability has been found in DTStack Taier 1.4.0. This affects the function Runtime.exec of the component REST API. The manipulation of the argument sqlText leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Type: Title
Values Added: DTStack Taier REST API Runtime.exec os command injection

Type: First Time appeared
Values Added: Dtstack; Dtstack taier

Type: Weaknesses
Values Added: CWE-77; CWE-78

Type: CPEs
Values Added: cpe:2.3:a:dtstack:taier:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Dtstack; Dtstack taier

Type: References
Values Added:

Type: Metrics
Values Added:
  cvssV2_0 {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
  cvssV3_0 {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV3_1 {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-26T13:12:46.356Z

Reserved: 2026-05-24T07:14:10.469Z

Link: CVE-2026-9437

Vulnrichment

Updated: 2026-05-26T13:12:43.468Z

NVD

Status: Deferred

Published: 2026-05-25T08:16:25.430

Modified: 2026-05-26T19:54:40.357

Link: CVE-2026-9437

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-25T12:30:25Z

Weaknesses
  • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')