CVE 9.8 CRITICAL

CVE-2026-38812_CVE-2026-38812

June 16, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information.

AI Analysis

SQL Injection vulnerability in RuoYi v4.8.2 via the /tool/gen/createTable endpoint

Basic Information

ID CVE-2026-38812

Source mitre

Published Jun 15, 2026 at 00:00

Modified Jun 16, 2026 at 13:51

Affected Product

Vendor RuoYi Team

Product RuoYi

Version v4.8.2

Affected Versions n/a n/a n/a

CWE Classification

CWE-89

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor RuoYi Team

Product RuoYi

Version v4.8.2

References

github.com /jjcjgo/CVE-2026-38812-RuoYi-SQL-Injection

{
    "lastseen": "",
    "description": "RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information.",
    "published": "2026-06-15T00:00:00.000Z",
    "modified": "2026-06-16T13:51:09.133Z",
    "type": "cve",
    "title": "CVE-2026-38812",
    "source": "mitre",
    "references": "https://github.com/jjcjgo/CVE-2026-38812-RuoYi-SQL-Injection",
    "id": "CVE-2026-38812",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "RuoYi",
    "version": "v4.8.2",
    "vendor": "RuoYi Team",
    "ai_description": "SQL Injection vulnerability in RuoYi v4.8.2 via the /tool/gen/createTable endpoint",
    "ai_severity": "Critical",
    "ai_vendor": "RuoYi Team",
    "ai_product": "RuoYi",
    "ai_version": "v4.8.2",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply