Vulnerability CVE-2026-7411
CVE-2026-7411 is a critical vulnerability in Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10. It stems from inadequate path normalization in the Submodel HTTP API, enabling unauthenticated remote attackers to perform path traversal attacks. This can result in arbitrary file writes, remote code execution, and full system compromise.
- The vulnerability allows unauthenticated remote attackers to perform path traversal via a maliciously crafted fileName parameter during file upload.
- It affects Eclipse BaSyx Java Server SDK versions before 2.0.0-milestone-10.
- Successful exploitation can lead to Remote Code Execution (RCE) and complete system compromise.
- The CVSS v3.1 score is 10.0, classified as Critical, with a network attack vector and no required user interaction.
- Mohamed Lemine Ahmed Jidou from AegisSec is credited with discovering the vulnerability.
Opening excerpt from the GCVE record (CVE-2026-7411 / GCVE-0-2026-7411, vulnerability record from cvelistv5; published 2026-05-05 14:07, updated 2026-05-06 15:25):

Summary: In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process. This can lead to Remote Code Execution (RCE) and complete system compromise.
…
The full record is at Gcve.
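The root cause named in the record is inadequate path normalization when a client-supplied fileName is joined to the upload directory. The Java example below is added here as an illustration and is not code from the Eclipse BaSyx project; it shows the containment check an upload handler should perform before touching the filesystem: resolve the supplied name against the storage root, normalize the result, and reject anything whose normalized path is not strictly inside that root. The upload root and the sample file names are constructed placeholders.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public final class SafeUploadPath {

    // Resolve a client-supplied fileName against the upload root and reject
    // anything that would land outside it. Throws IllegalArgumentException
    // (which InvalidPathException, e.g. for NUL bytes, also extends).
    public static Path resolveWithinRoot(Path uploadRoot, String fileName) {
        if (fileName == null || fileName.isEmpty()) {
            throw new IllegalArgumentException("empty fileName");
        }
        Path root = uploadRoot.toAbsolutePath().normalize();
        Path candidate = Paths.get(fileName);

        // An upload name must be relative; an absolute path would make
        // root.resolve() return it unchanged, bypassing the root entirely.
        if (candidate.isAbsolute()) {
            throw new IllegalArgumentException("absolute path rejected: " + fileName);
        }

        // normalize() collapses "." and ".." segments, so any traversal
        // sequence that leaves the root becomes visible to the check below.
        Path resolved = root.resolve(candidate).normalize();

        // Path.startsWith is component-wise: "/uploads2/x" does not start
        // with "/uploads". Also refuse the root itself (fileName "." or "a/..").
        if (!resolved.startsWith(root) || resolved.equals(root)) {
            throw new IllegalArgumentException("path escapes upload root: " + fileName);
        }
        return resolved;
    }

    // Convenience predicate for callers that only need accept/reject.
    public static boolean isSafe(Path uploadRoot, String fileName) {
        try {
            resolveWithinRoot(uploadRoot, fileName);
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Hypothetical upload root; constructed sample names, not from the CVE record.
        Path root = Paths.get("/var/lib/example-app/uploads");
        String[] samples = {
            "report.pdf",          // accepted
            "sub/dir/file.bin",    // accepted (nested inside root)
            "../../outside.txt",   // rejected: escapes root after normalize()
            "a/../../b",           // rejected: "a/.." cancels, "../b" escapes
            "/tmp/anything",       // rejected: absolute path
            "."                    // rejected: resolves to the root itself
        };
        for (String s : samples) {
            System.out.println(s + " -> " + (isSafe(root, s) ? "accepted" : "rejected"));
        }
    }
}
```

Two points to keep in mind when using a check like this: it must run on the decoded value the HTTP layer hands to the handler, since percent-encoded traversal sequences are already decoded by then; and normalization alone does not account for symbolic links that already exist under the root, so a handler that follows links should additionally compare `toRealPath()` of the parent directory against the real path of the root before writing.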