Which versions of yudao-cloud are affected by CVE-2026-7679?

YunaiV yudao-cloud versions up to 2026.01 contain an authentication bypass vulnerability (CVE-2026-7679) in OAuth2 token handling that allows remote attackers to obtain unauthorized access tokens…

Is there a public PoC exploit available for CVE-2026-7679?

Yes, a public proof-of-concept exploit is available for CVE-2026-7679. Prioritise patching immediately. EPSS: 0.1%.

yudao-cloud CVE-2026-7679

Q: What is the CVSS score of CVE-2026-7679?

CVE-2026-7679 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-26814 MEDIUM

Improper Authentication (CWE-287)

2026-05-03 VulDB

Authentication Bypass Java

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

May 03, 2026 - 05:22 NVD

HIGH MEDIUM

CVSS changed

May 03, 2026 - 05:22 NVD

7.3 (HIGH) 5.5 (MEDIUM)

PoC Detected

May 03, 2026 - 05:15 vuln.today

Public exploit code

Analysis Generated

May 03, 2026 - 05:01 vuln.today

EUVD ID Assigned

May 03, 2026 - 04:30 euvd

EUVD-2026-26814

Analysis Generated

May 03, 2026 - 04:30 vuln.today

CVE Published

May 03, 2026 - 04:15 nvd

MEDIUM 5.5

DescriptionNVD

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Authentication bypass in YunaiV yudao-cloud (versions up to 2026.01) allows remote unauthenticated attackers to obtain unauthorized access tokens via manipulation of the getAccessToken function in OAuth2TokenServiceImpl.java. Public exploit code exists (GitHub PoC available), enabling attackers to bypass authentication controls and gain low-level access to confidential data, integrity, and availability. …

RemediationAI

Within 24 hours: Identify all deployed instances of yudao-cloud and document current versions in use; contact YunaiV for patch status confirmation and estimated timeline. Within 7 days: Implement network segmentation to restrict unauthenticated access to the OAuth2 token endpoint (getAccessToken function) via WAF rules or API gateway controls; enable authentication audit logging on all token requests. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7679 vulnerability details – vuln.today

Back

yudao-cloud CVE-2026-7679

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

yudao-cloud CVE-2026-7679

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code