Skip to content
CVSS 7.3 · HIGH

CVE-2026-7710

A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

View on NVD

Analysis

This is an authentication bypass in an open-source Java enterprise framework (Ruoyi-Vue-Pro/Yudao) that is primarily popular in the Chinese ecosystem. While it has a high CVSS score and a public exploit, it is not a mainstream tool or library used by the majority of developers in the MexicoDev community.

Severity

Score: 7.3(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Weakness (CWE): CWE-287

EPSS

Probability of exploitation (next 30 days): 0.0006 (0.1%)
Percentile: 18.8%
EPSS: 2026-05-06

Technical description

A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 5/4/2026, 12:16:39 AM
Last modified: 5/5/2026, 7:11:29 PM

References

HomeEventsBlogResourcesTeam