Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable admin endpoints (AV:N); authenticated code-gen role required (PR:L); AC:H reflects the need for a writable source tree and local Go build toolchain; full CIA impact on the host, scope unchanged.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then invoking POST /autoCode/mcpStart to trigger a rebuild and restart of the standalone MCP service. This allows arbitrary operating system commands to be executed on the server with the privileges of the application process. Successful exploitation may lead to remote code execution (RCE), modification of backend source code or runtime logic, deployment of persistent backdoors, access to or manipulation of application data and configuration, and further impact on local resources running under the same service account or privilege context. The risk is highest in deployments that retain the source tree, allow writes to source files, and support local build or startup of standalone MCP components. In environments using binary-only releases, read-only filesystems, or with local build capabilities removed, the exploitability of the full attack chain is significantly reduced. However, once the online code-generation capability and MCP-hosted startup workflow are enabled, the overall security impact may reach high to critical severity. As of time of publication, it is unknown if a patched version is available. As a workaround, enforce strict allowlist validation on path- and identifier-related fields such as humpPackageName, packageName, FuncName, and Router, and only permit safe identifier formats.
AnalysisAI
Authenticated remote code execution in gin-vue-admin 2.9.1 lets attackers with access to the code-generation and MCP management features inject arbitrary Go source via POST /autoCode/addFunc and trigger a rebuild/restart through POST /autoCode/mcpStart, yielding OS command execution as the application service account. No public exploit identified at time of analysis, and as of publication a patched version is not confirmed; the upstream GHSA-22cv-9jv2-6m62 advisory only documents allowlist-based workarounds.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires (1) valid authenticated access to the gin-vue-admin admin interface with permission to use the online code-generation feature and the MCP management interface (consistent with CVSS PR:L), (2) the deployment must retain a writable Go source tree so /autoCode/addFunc can persist injected code, and (3) the host must have a working Go build toolchain so /autoCode/mcpStart can rebuild and restart the standalone MCP service. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H, base 7.4, E:P) and CWE-78 align: network-reachable, low-complexity, low-privilege RCE with full CIA impact on the vulnerable system, no scope change to other systems. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has phished or otherwise obtained credentials for a gin-vue-admin operator with code-generation rights logs into the admin UI, then issues POST /autoCode/addFunc with malicious Go embedded in a field such as FuncName or packageName so that the generated source contains an os/exec call or backdoor handler. They then call POST /autoCode/mcpStart, which compiles the poisoned source and restarts the standalone MCP service, executing the attacker's code under the application's service account; from there they pivot to read database credentials, plant a persistent backdoor in regenerated templates, or attack co-located services. … |
| Remediation | No vendor-released patch identified at time of analysis, so apply the vendor-recommended workaround from GHSA-22cv-9jv2-6m62 (https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-22cv-9jv2-6m62): enforce a strict allowlist on humpPackageName, packageName, FuncName, and Router so only safe Go identifier characters (for example ^[A-Za-z][A-Za-z0-9_]*$) are accepted before they reach the code-generation templates. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all systems running gin-vue-admin 2.9.1; restrict network access to POST /autoCode/addFunc and POST /autoCode/mcpStart endpoints to authorized administrative networks only; audit admin user access logs. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Gin Vue Admin
View allGin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stac
Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution o
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to executio
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stac
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stac
Gin-vue-admin versions 2.8.7 and earlier contain a path traversal vulnerability in the breakpoint resume upload API that
Gin-Vue-Admin before 2.4.6 mishandles a SQL database. Rated critical severity (CVSS 9.8), this vulnerability is remotely
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stac
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38077