CVE-2026-9374 – yangzongzhuan RuoYi-Vue Common Upload Endpoint upload FileUploadUtils.upload unrestricted upload

CVE ID :CVE-2026-9374

Published : May 24, 2026, 10:30 a.m. | 31 minutes ago

Description :A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-9376 – JPress UCenter Article Submission Endpoint doWriteSave improper authorization

CVE-2026-9373 – JeecgBoot OpenAPI Endpoint call improper authentication

CVE-2026-9372 – ItzCrazyKns Vane Model Provider API route.ts server-side request forgery

CVE-2026-9371 – ItzCrazyKns Vane API route.ts missing authentication