Skip to main content

gin-vue-admin CVE-2026-48787

| EUVDEUVD-2026-38077 HIGH
OS Command Injection (CWE-78)
2026-06-19 GitHub_M
7.4
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.5 HIGH

Network-reachable admin endpoints (AV:N); authenticated code-gen role required (PR:L); AC:H reflects the need for a writable source tree and local Go build toolchain; full CIA impact on the host, scope unchanged.

3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 19, 2026 - 20:18 vuln.today

DescriptionCVE.org

gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then invoking POST /autoCode/mcpStart to trigger a rebuild and restart of the standalone MCP service. This allows arbitrary operating system commands to be executed on the server with the privileges of the application process. Successful exploitation may lead to remote code execution (RCE), modification of backend source code or runtime logic, deployment of persistent backdoors, access to or manipulation of application data and configuration, and further impact on local resources running under the same service account or privilege context. The risk is highest in deployments that retain the source tree, allow writes to source files, and support local build or startup of standalone MCP components. In environments using binary-only releases, read-only filesystems, or with local build capabilities removed, the exploitability of the full attack chain is significantly reduced. However, once the online code-generation capability and MCP-hosted startup workflow are enabled, the overall security impact may reach high to critical severity. As of time of publication, it is unknown if a patched version is available. As a workaround, enforce strict allowlist validation on path- and identifier-related fields such as humpPackageName, packageName, FuncName, and Router, and only permit safe identifier formats.

AnalysisAI

Authenticated remote code execution in gin-vue-admin 2.9.1 lets attackers with access to the code-generation and MCP management features inject arbitrary Go source via POST /autoCode/addFunc and trigger a rebuild/restart through POST /autoCode/mcpStart, yielding OS command execution as the application service account. No public exploit identified at time of analysis, and as of publication a patched version is not confirmed; the upstream GHSA-22cv-9jv2-6m62 advisory only documents allowlist-based workarounds.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain authenticated admin session
Delivery
POST /autoCode/addFunc with malicious Go in identifier fields
Exploit
Templated source written to disk
Execution
POST /autoCode/mcpStart rebuilds MCP binary
Persist
Standalone MCP service restarts executing attacker code
Impact
RCE as service account, persist via regenerated templates

Vulnerability AssessmentAI

Exploitation Requires (1) valid authenticated access to the gin-vue-admin admin interface with permission to use the online code-generation feature and the MCP management interface (consistent with CVSS PR:L), (2) the deployment must retain a writable Go source tree so /autoCode/addFunc can persist injected code, and (3) the host must have a working Go build toolchain so /autoCode/mcpStart can rebuild and restart the standalone MCP service. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H, base 7.4, E:P) and CWE-78 align: network-reachable, low-complexity, low-privilege RCE with full CIA impact on the vulnerable system, no scope change to other systems. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has phished or otherwise obtained credentials for a gin-vue-admin operator with code-generation rights logs into the admin UI, then issues POST /autoCode/addFunc with malicious Go embedded in a field such as FuncName or packageName so that the generated source contains an os/exec call or backdoor handler. They then call POST /autoCode/mcpStart, which compiles the poisoned source and restarts the standalone MCP service, executing the attacker's code under the application's service account; from there they pivot to read database credentials, plant a persistent backdoor in regenerated templates, or attack co-located services. …
Remediation No vendor-released patch identified at time of analysis, so apply the vendor-recommended workaround from GHSA-22cv-9jv2-6m62 (https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-22cv-9jv2-6m62): enforce a strict allowlist on humpPackageName, packageName, FuncName, and Router so only safe Go identifier characters (for example ^[A-Za-z][A-Za-z0-9_]*$) are accepted before they reach the code-generation templates. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all systems running gin-vue-admin 2.9.1; restrict network access to POST /autoCode/addFunc and POST /autoCode/mcpStart endpoints to authorized administrative networks only; audit admin user access logs. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-48787 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy