A vulnerability, which was classified as critical , was found in xianrendzw EasyReport up to 2.0.17.0522_Beta . Affected by this issue is the function execute of the component REST Endpoint . Executing a manipulation of the argument reportParams can lead to sql injection. This vulnerability is tracked as CVE-2026-9524 . The attack can be launched remotely. No exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.