Skip to content
CVSS 7.3 · HIGH

CVE-2026-7679

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

View on NVD

Analysis

The vulnerability involves an authentication bypass in the yudao-cloud framework's OAuth2 implementation. Although the exploit is public and the impact is high for users of this specific Java framework, it is considered niche software with limited adoption in the local developer community.

Severity

Score: 7.3(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Weakness (CWE): CWE-287

EPSS

Probability of exploitation (next 30 days): 0.0008 (0.1%)
Percentile: 23.7%
EPSS: 2026-05-06

Technical description

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 5/3/2026, 5:15:59 AM
Last modified: 5/5/2026, 7:13:44 PM

References

HomeEventsBlogResourcesTeam