CVSS 7.3 · HIGH

CVE-2026-7710

A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. It affects the function doFilterInternal in the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Manipulating the argument mock-token results in improper authentication. The attack can be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis

This is an authentication bypass in an open-source Java enterprise framework (Ruoyi-Vue-Pro/Yudao) that is primarily popular in the Chinese ecosystem. While it has a high CVSS score and a public exploit, it is not a mainstream tool or library used by the majority of developers in the MexicoDev community.

Severity

Score: 7.3 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Weakness type (CWE): CWE-287

EPSS

Exploitation probability (next 30 days): 0.0006 (0.1%)
Percentile: 18.8%
EPSS: 2026-05-06

Published: 4/5/2026, 0:16:39
Last modified: 5/5/2026, 19:11:29
