yudao-cloud CVE-2026-7710
Severity: MEDIUM
CVSS Vector (NVD)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (NVD)
A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis (AI)
Authentication bypass in YunaiV yudao-cloud up to version 3.8.0 allows remote unauthenticated attackers to manipulate the mock-token argument in JwtAuthenticationTokenFilter.java, circumventing JWT authentication and gaining unauthorized access. The vulnerability affects the Ruoyi-Vue-Pro component and has publicly available exploit code. CVSS 4.0 rates the impact on confidentiality, integrity, and availability of protected resources as low (score 5.5; AV:N/AC:L/PR:N/UI:N, VC:L/VI:L/VA:L). …