CVE-2026-4285 | taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433 Pdf2MdUtil.java recognizeMarkdown fileUrl path traversal

A vulnerability, which was classified as critical, was found in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. Impacted is the function recognizeMarkdown of the file yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yudao/module/digitalcourse/util/Pdf2MdUtil.java. Such manipulation of the argument fileUrl leads to path traversal.

This vulnerability is referenced as CVE-2026-4285. It is possible to launch the attack remotely. Furthermore, an exploit is available.

This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4285 | taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433 Pdf2MdUtil.java recognizeMarkdown fileUrl path traversal

Post correlati

CVE-2024-4813 | Ruijie RG-UAC up to 20240506 interface_commit.php name os command injection

CVE-2025-48559 | Google Android 13/14/15/16 AppOpsService.java denial of service

CVE-2025-5766 | code-projects Laundry System 1.0 cross-site request forgery

CVE-2024-45682 | Millbeck Communications Proroute H685t-w 3.2.334 command injection (icsa-24-261-02)