What is the CVSS score of CVE-2026-7412?

CVE-2026-7412 has a CVSS 3.1 base score of 8.6 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Eclipse BaSyx Java SDK are affected by CVE-2026-7412?

Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10 contain an unauthenticated Server-Side Request Forgery (SSRF) vulnerability that allows attackers to force internal HTTP requests to…. A patch is available.

Eclipse BaSyx Java SDK CVE-2026-7412

EUVD-2026-27386 HIGH

Server-Side Request Forgery (SSRF) (CWE-918)

2026-05-05 eclipse

GHSA-gx3v-wxfj-8h24

Java SSRF

8.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Patch available

May 05, 2026 - 17:32 EUVD

Analysis Generated

May 05, 2026 - 16:30 vuln.today

DescriptionNVD

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to arbitrary internal or external targets. This allows an attacker to bypass network segmentation and pivot into isolated internal IT/OT infrastructure or target Cloud Metadata services (IMDS).

AnalysisAI

Server-Side Request Forgery (SSRF) in Eclipse BaSyx Java Server SDK prior to 2.0.0-milestone-10 allows unauthenticated remote attackers to force the server to execute blind HTTP POST requests to arbitrary internal or external targets via the unvalidated Operation Delegation feature. Attackers can exploit this to bypass network segmentation, pivot into isolated IT/OT infrastructure, or access Cloud Metadata services (IMDS) - enabling potential credential theft and lateral movement. …

RemediationAI

Within 24 hours: Identify all BaSyx Java Server SDK deployments and document version numbers; immediately restrict network egress from BaSyx servers to only approved targets using firewall rules. Within 7 days: Test and deploy upgrade to Eclipse BaSyx 2.0.0-milestone-10 or later across all instances; disable the Operation Delegation feature if upgrade cannot be completed. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7412 vulnerability details – vuln.today

Back

Eclipse BaSyx Java SDK CVE-2026-7412

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code