CVE-2026-9568
Deferred - Pending Action
Code Injection in ThingsBoard via YAML Handler

Publication date: 2026-05-26

Last updated on: 2026-05-26

Assigner: VulDB

Description
A weakness has been identified in ThingsBoard up to 4.3.1.1. The affected code is the function getGatewayDockerComposeFile in the file /api/v1/provision of the YAML Handler component. Manipulation of its input causes code injection. The attack can be initiated remotely. The attack's complexity is rated as high, and exploitation appears to be difficult. The project was informed of the problem early through a pull request but has not reacted yet.
Meta Information
Published: 2026-05-26
Last Modified: 2026-05-26
Generated: 2026-06-16
AI Q&A: 2026-05-26
EPSS Evaluated: 2026-06-14
Affected Vendors & Products (4 associated CPEs)
Vendor       Product       Version / Range
thingsboard  thingsboard   to 4.3.1.1 (inc)
thingsboard  thingsboard   to 4.3.1.1 (exc)
thingsboard  thingsboard   4.2.2.2
thingsboard  thingsboard   4.2.2.3
CWE
CWE-94: The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CWE-74: The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-9568 is a vulnerability in ThingsBoard up to version 4.3.1.1, in the function getGatewayDockerComposeFile of the YAML Handler component. It allows code injection through manipulation of the YAML configuration used in the gateway's docker-compose file.

The vulnerability is a YAML injection issue that can be exploited remotely, although the attack complexity is high and exploitation is considered difficult.

A pull request was created to fix this by improving device credential validation and adding sanitization logic to prevent the injection attacks described by CWE-93 and CWE-94.

Impact Analysis

This vulnerability can lead to remote code injection, which may allow an attacker to execute arbitrary code on the affected system.

Successful exploitation could compromise the integrity and availability of the ThingsBoard platform, potentially leading to unauthorized control over IoT devices managed by the platform.

However, the attack complexity is high and exploitation is difficult, which may reduce the likelihood of successful attacks.

Detection Guidance

The vulnerability is a YAML injection issue in the ThingsBoard gateway's docker-compose configuration, specifically in the getGatewayDockerComposeFile function. Detection would involve inspecting generated docker-compose files for unexpected content, or monitoring requests to the /api/v1/provision endpoint for unusual or unauthorized YAML content.

However, no specific detection commands or network/system scanning instructions are provided in the available resources.

Mitigation Strategies

Immediate mitigation involves applying the fix introduced in pull request #15550, which enhances device credential validation and adds sanitization logic to prevent YAML injection.

Updating ThingsBoard to versions 4.2.2.2 or 4.2.2.3 (or later) where this fix is applied is recommended.

Since the vulnerability is rated with high attack complexity and difficult exploitation, restricting access to the /api/v1/provision endpoint and monitoring it for suspicious activity can also reduce risk until the update is applied.

Compliance Impact

The provided information does not specify how the CVE-2026-9568 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.
