Oinone Pamirs SQL Injection (CVE-2026-8734) Poses Remote Threat

/HIGH /CVSS 7.3/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitysql-injectioncwe-74cwe-89
Oinone Pamirs SQL Injection (CVE-2026-8734) Poses Remote Threat

The National Vulnerability Database (NVD) has identified CVE-2026-8734, a high-severity SQL injection vulnerability affecting Oinone Pamirs up to version 7.2.0. This flaw resides in the RSQLToSQLNodeConnector.makeVariable function within the queryListByWrapper interface component. Attackers can exploit this remotely, leading to SQL injection.

The CVSS score for CVE-2026-8734 is 7.3 (HIGH), indicating a significant risk. The NVD notes that the exploit has been publicly disclosed, meaning it is likely being actively weaponized or will be soon. Oinone was reportedly contacted about this vulnerability but has not responded, leaving users exposed.

This is a critical oversight. Publicly available exploits combined with vendor silence mean defenders are on their own. SQL injection is a foundational attack vector for data exfiltration and broader system compromise. Organizations using Oinone Pamirs are at immediate risk, especially given the remote attack vector and the lack of a vendor patch or advisory.

What This Means For You

  • If your organization uses Oinone Pamirs, specifically versions up to 7.2.0, you are exposed to a high-severity SQL injection. Since the vendor has not responded and the exploit is public, you must assume active exploitation. Immediately identify all instances of Oinone Pamirs in your environment, assess their exposure, and implement compensating controls to mitigate SQL injection risks. Isolate these systems if possible and monitor for anomalous database activity.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1505.003 Server Software Component Initial Access T1189 Drive-by Compromise Initial Access

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

CVE-2026-8734 - Oinone Pamirs SQL Injection via queryListByWrapper

Sigma YAML — free preview 
title: CVE-2026-8734 - Oinone Pamirs SQL Injection via queryListByWrapper
id: scw-2026-05-17-ai-1
status: experimental
level: critical
description: |
  Detects attempts to exploit CVE-2026-8734 in Oinone Pamirs by looking for specific function calls and SQL injection characters within the query string of web requests. The vulnerability lies in the RSQLToSQLNodeConnector.makeVariable function within the queryListByWrapper interface, allowing remote SQL injection.
author: SCW Feed Engine (AI-generated)
date: 2026-05-17
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-8734/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: webserver
detection:
  selection:
      cs-uri-query|contains:
          - "RSQLToSQLNodeConnector.makeVariable"
      cs-uri-query|contains:
          - "("
      cs-uri-query|contains:
          - ")"
      cs-uri-query|contains:
          - "'"
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-8734 SQLi Oinone Pamirs up to 7.2.0
CVE-2026-8734 SQLi Function RSQLToSQLNodeConnector.makeVariable
CVE-2026-8734 SQLi Component queryListByWrapper Interface

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 17, 2026 at 09:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-8735 — Oinone Pamirs Insecure Deserialization

CVE-2026-8735 — A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the function JsonUtils.parseMap of the file PamirsParserConfig.java of the component appConfigQuery...

vulnerabilityCVEmedium-severityinsecure-deserializationcwe-20cwe-502
/SCW Vulnerability Desk /MEDIUM /6.3 /⚑ 3 IOCs /⚙ 3 Sigma

CVE-2026-8733 — Investintech SlimPDFReader Buffer Overflow

CVE-2026-8733 — A vulnerability was found in Investintech SlimPDFReader up to 2.0.13. Affected by this vulnerability is the function sub_3B4610 of the file SlimPDFReader.exe. The...

vulnerabilityCVEmedium-severitybuffer-overflowcwe-119cwe-121
/SCW Vulnerability Desk /MEDIUM /6.3 /⚑ 3 IOCs /⚙ 2 Sigma

CVE-2026-8731 — Open5GS Denial of Service

CVE-2026-8731 — A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ogs_sbi_client_add in the library /lib/sbi/client.c of the component NRF....

vulnerabilityCVEmedium-severitydenial-of-servicecwe-404
/SCW Vulnerability Desk /MEDIUM /4.3 /⚑ 2 IOCs /⚙ 1 Sigma