What is the CVSS score of EUVD-2026-27384?

EUVD-2026-27384 has a CVSS 3.1 base score of 10.0 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Eclipse BaSyx Java Server SDK are affected by EUVD-2026-27384?

Eclipse BaSyx Java Server SDK versions before 2.0.0-milestone-10 contain a critical remote code execution vulnerability in the Submodel HTTP API that allows unauthenticated attackers to write…. A patch is available.

Eclipse BaSyx Java Server SDK EUVD-2026-27384

| CVE-2026-7411 CRITICAL

Path Traversal (CWE-22)

2026-05-05 eclipse

GHSA-8gpm-h2mh-36qc

RCE Java Path Traversal File Upload

10.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch available

May 05, 2026 - 17:32 EUVD

Analysis Generated

May 05, 2026 - 16:30 vuln.today

DescriptionNVD

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process. This can lead to Remote Code Execution (RCE) and complete system compromise.

AnalysisAI

Remote code execution in Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10 allows unauthenticated remote attackers to write arbitrary files anywhere on the host filesystem via path traversal in the Submodel HTTP API's file upload fileName parameter, leading to complete system compromise. The vulnerability receives the maximum CVSS score of 10.0 due to network-accessible exploitation requiring no authentication, privileges, or user interaction, with scope change enabling impact beyond the vulnerable component. …

RemediationAI

Within 24 hours: Identify all systems running Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10 using asset inventory tools and network scanning; isolate affected systems from production networks if immediate patching is not feasible. Within 7 days: Upgrade all instances to Eclipse BaSyx Java Server SDK version 2.0.0-milestone-10 or later per vendor advisory; validate upgrade in test environment first. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-27384 vulnerability details – vuln.today

Back

Eclipse BaSyx Java Server SDK EUVD-2026-27384

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code