ruoyi-vue-pro: EUVD-2026-40025

CVE-2026-13528 (MEDIUM)
Path Traversal (CWE-22)
2026-06-29 · VulDB · GHSA-6q7h-qg7r-3g9c
Score 5.5 (CVSS 4.0, Vendor: VulDB)
Severity by source

Vendor (VulDB), primary: 5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

vuln.today AI: 7.3 HIGH
Rationale: network-accessible unauthenticated upload endpoint, no interaction needed; all impact metrics Low because the traversal enables bounded file read/write without full system compromise.
CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS Vector (Vendor: VulDB)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline (2 events)

CVSS changed: Jun 29, 2026 - 04:22 (NVD): 6.9 (MEDIUM) → 5.5 (MEDIUM)
Analysis Generated: Jun 29, 2026 - 04:01 (vuln.today)

Description (CVE.org)

A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. The impacted element is the function generateUploadPath of the file yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/service/file/FileServiceImpl.java of the component AppFileController File Upload Endpoint. Performing a manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The patch is named 4ae3f6b2c9883978837638c14e3d18419819eeb0. It is recommended to apply a patch to fix this issue. This product is published by multiple vendors.

Analysis (AI)

Path traversal in the ruoyi-vue-pro file upload endpoint exposes unauthenticated remote attackers to arbitrary file read and write operations via the generateUploadPath function in FileServiceImpl.java. All versions up to 2026.04-jdk8-SNAPSHOT are confirmed affected across both the YunaiV (GitHub) and zhijiantianya (Gitee) vendor distributions. …

Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: Send crafted HTTP upload request to AppFileController
Delivery: Embed path traversal sequences in filename parameter
Exploit: generateUploadPath processes unsanitized input
Execution: Filesystem path escapes intended upload directory
Impact: Read sensitive files or write attacker-controlled content

Vulnerability Assessment (AI)

Exploitation: No special configuration is required; the CVSS 4.0 vector (AC:L/AT:N/PR:N/UI:N) confirms exploitation against default configurations of the ruoyi-vue-pro `AppFileController` file upload endpoint with no authentication and no user interaction. …

Risk Assessment: The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) describes a maximally accessible attack surface: network-reachable, low complexity, no authentication, no user interaction, no special attack requirements. …

Exploit Scenario: An unauthenticated attacker sends a crafted HTTP POST request to the `AppFileController` file upload endpoint, embedding path traversal sequences such as `../../sensitive/config` within the filename or path parameter. The `generateUploadPath` function processes this input without sanitization, resolving the traversal and either writing attacker-controlled content to an arbitrary filesystem location or enabling access to files outside the intended upload directory. …

Remediation: Apply the vendor-released patch commit `4ae3f6b2c9883978837638c14e3d18419819eeb0`, available on Gitee at https://gitee.com/zhijiantianya/ruoyi-vue-pro/commit/4ae3f6b2c9883978837638c14e3d18419819eeb0. …
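The following Java class is an added illustration and is not ruoyi-vue-pro's code; it does not reproduce the real `generateUploadPath` or the contents of patch commit `4ae3f6b2c9883978837638c14e3d18419819eeb0`. It shows the vulnerable pattern the assessment describes (a client-supplied filename joined onto the upload directory unchanged) beside a hardened version that discards the client's name, allowlists the extension, and verifies the normalized result still lies under the base directory. The class name, method signatures, base directory `/srv/app/uploads` and the extension allowlist are all assumptions made for the example.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import java.util.UUID;

/**
 * Hypothetical illustration, not ruoyi-vue-pro code: a vulnerable upload-path
 * builder of the kind the assessment describes, next to a hardened one.
 * Class name, method shapes, base directory and allowlist are all assumed.
 */
public final class UploadPathDemo {

    // Constructed allowlist of extensions the endpoint is willing to store.
    private static final Set<String> ALLOWED_EXT =
            new HashSet<>(Arrays.asList("png", "jpg", "pdf", "txt"));

    /** Vulnerable shape: the client-supplied name is joined onto baseDir unchanged. */
    static Path generateUploadPathVulnerable(Path baseDir, String clientFilename) {
        // "../../sensitive/config" walks out of baseDir after normalization;
        // an absolute name would replace baseDir entirely (Path.resolve semantics).
        return baseDir.resolve(clientFilename);
    }

    /** Hardened shape: discard the client's name, allowlist the extension, confine the result. */
    static Path generateUploadPathSafe(Path baseDir, String clientFilename) {
        if (clientFilename == null || clientFilename.isEmpty() || clientFilename.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("invalid filename");
        }
        // Keep only the last segment; treat '\\' as a separator too, so a
        // Windows-style traversal cannot survive on either platform.
        String leaf = clientFilename.replace('\\', '/');
        leaf = leaf.substring(leaf.lastIndexOf('/') + 1);

        // Only the extension is taken from the client, and only if allowlisted.
        int dot = leaf.lastIndexOf('.');
        String ext = dot < 0 ? "" : leaf.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED_EXT.contains(ext)) {
            throw new IllegalArgumentException("extension not allowed: '" + ext + "'");
        }

        // Server-generated stored name: the client has no influence on the directory part.
        String storedName = UUID.randomUUID() + "." + ext;

        // Defence in depth: normalize, then verify the result still sits under baseDir.
        Path root = baseDir.toAbsolutePath().normalize();
        Path candidate = root.resolve(storedName).normalize();
        if (!candidate.startsWith(root)) {
            throw new SecurityException("resolved path escapes the upload directory");
        }
        return candidate;
    }

    /** Containment check reusable in tests or an audit script: is resolved under baseDir? */
    static boolean isInside(Path baseDir, Path resolved) {
        Path root = baseDir.toAbsolutePath().normalize();
        return resolved.toAbsolutePath().normalize().startsWith(root);
    }

    public static void main(String[] args) {
        Path base = Paths.get("/srv/app/uploads"); // constructed sample base directory
        String[] samples = {
            "report.pdf",                     // benign
            "../../sensitive/config",         // traversal string quoted in the assessment
            "..\\..\\sensitive\\config.txt"   // backslash variant of the same string
        };
        for (String s : samples) {
            Path v = generateUploadPathVulnerable(base, s).normalize();
            System.out.println("vulnerable: " + s + " -> " + v + "  inside=" + isInside(base, v));
            try {
                Path h = generateUploadPathSafe(base, s);
                System.out.println("hardened:   " + s + " -> " + h + "  inside=" + isInside(base, h));
            } catch (RuntimeException e) {
                System.out.println("hardened:   " + s + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Run with `javac UploadPathDemo.java && java UploadPathDemo`. For the quoted `../../sensitive/config` input the vulnerable builder normalizes to `/srv/sensitive/config` (outside the base directory), while the hardened builder rejects it because the leaf name `config` carries no allowlisted extension. The backslash variant is a single path segment on a POSIX JVM, so the vulnerable builder only escapes there on Windows; the hardened builder treats both separators the same and stores the file under a server-generated name, which is the property to verify when reviewing any upload path function, including a patched one. The `isInside` containment check is the same `normalize` plus `startsWith` test a reviewer or a unit test can apply to any resolved path.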

EUVD-2026-40025 vulnerability details – vuln.today