A vulnerability has been found in DTStack Taier 1.4.0 and classified as critical . This affects the function Runtime.exec of the component REST API . The manipulation of the argument sqlText leads to os command injection. This vulnerability is uniquely identified as CVE-2026-9437 . The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.