CVE-2026-1449

MEDIUM EPSS 27.1%

Published Jan 27, 20265mo ago · Modified Jun 17, 20261w ago

5.5 CVSS 4.0

Medium

Published Jan 27, 2026 5mo ago

Last Modified Jun 17, 2026 1w ago

Description

A flaw has been found in Hisense TransTech Smart Bus Management System up to 20260113. Affected is the function Page_Load of the file YZSoft/Forms/XForm/BM/BusComManagement/TireMng.aspx. Executing a manipulation of the argument key can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

Base Score

5.5

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

27.1% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-74

CWE-89 SQL Injection Injection

References 4

github.com https://github.com/master-abc/cve/issues/15
vuldb.com https://vuldb.com/?ctiid.342881
vuldb.com https://vuldb.com/?id.342881
vuldb.com https://vuldb.com/?submit.737032

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.