A vulnerability, which was classified as critical , was found in YunaiV yudao-cloud 2026.03 . This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint . Such manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2026-9464 . The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.