YunaiV yudao-cloud Ruoyi-Vue-Pro JwtAuthenticationTokenFilter.java doFilterInternal improper authentication_CVE-2026-7710

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-7710

Source VulDB

Published May 3, 2026 at 23:15

Affected Product

Vendor YunaiV

Product yudao-cloud

Version 3.0

Affected Versions YunaiV yudao-cloud 3.0
YunaiV yudao-cloud 3.1
YunaiV yudao-cloud 3.2
YunaiV yudao-cloud 3.3
YunaiV yudao-cloud 3.4
YunaiV yudao-cloud 3.5
YunaiV yudao-cloud 3.6
YunaiV yudao-cloud 3.7
YunaiV yudao-cloud 3.8.0

CWE Classification

CWE-287

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-05-03T23:15:17.816Z",
    "modified": "2026-05-03T23:15:17.816Z",
    "type": "cve",
    "title": "YunaiV yudao-cloud Ruoyi-Vue-Pro JwtAuthenticationTokenFilter.java doFilterInternal improper authentication",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360886\nhttps://vuldb.com/vuln/360886/cti\nhttps://vuldb.com/submit/806493\nhttps://github.com/9str0IL/CVE/issues/5",
    "id": "CVE-2026-7710",
    "bulletinFamily": "",
    "cwe": [
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "YunaiV yudao-cloud 3.0\nYunaiV yudao-cloud 3.1\nYunaiV yudao-cloud 3.2\nYunaiV yudao-cloud 3.3\nYunaiV yudao-cloud 3.4\nYunaiV yudao-cloud 3.5\nYunaiV yudao-cloud 3.6\nYunaiV yudao-cloud 3.7\nYunaiV yudao-cloud 3.8.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "yudao-cloud",
    "version": "3.0",
    "vendor": "YunaiV",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}