CVE-2026-8734 is a SQL injection vulnerability in Oinone Pamirs up to version 7.2.0 affecting the queryListByWrapper interface, allowing remote attackers to execute arbitrary database queries. No vendor patch is available; the vendor was unresponsive to prior notification. Current exploitation activity is low based on EPSS (0.08th percentile), but the public exploit disclosure and absence of a patch make WAF and network controls the only available mitigations.