CVE-2026-7679 | YunaiV yudao-cloud up to 2026.01 OAuth2TokenServiceImpl.java getAccessToken improper authentication

A vulnerability identified as critical has been detected in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication.

This vulnerability is identified as CVE-2026-7679. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-7679 | YunaiV yudao-cloud up to 2026.01 OAuth2TokenServiceImpl.java getAccessToken improper authentication

Post correlati

CVE-2025-6080 | WPGYM Plugin up to 67.7.0 on WordPress Account Creation authorization

CVE-2026-1481 | Quatuor Evaluación de Desempeño evaluacion_objetivos_anyo_sig_ver_auto.aspx Id_usuario sql injection

CVE-2023-49809 | Mattermost up to 8.1.5 Request Body /add resource consumption

CVE-2023-52903 | Linux Kernel up to 5.10.164/5.15.88/6.1.6 io_uring/io_uring.c __io_cqring_overflow_flush Privilege Escalation