A vulnerability categorized as critical has been discovered in YunaiV yudao-cloud up to 2026.01.
It affects the function getDataBySQL in the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java. Manipulation of this function leads to SQL injection.
This vulnerability is referenced as CVE-2026-7678. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.