| Titel | YunaiV yudao-cloud yudao-cloud up to 2026.01 Authentication Bypass by Primary Weakness |
|---|
| Beschreibung | A critical authentication bypass vulnerability exists in Ruoyi-Vue-Pro JwtAuthenticationTokenFilter.java. The vulnerability allows unauthenticated attackers to bypass the authentication system and impersonate any user by using a special "Mock Token" header, potentially leading to full system compromise.
The doFilterInternal method checks for a mock-token header and directly extracts the user ID without any environment validation or authentication, allowing attackers to forge any user identity. |
|---|
| Quelle | ⚠️ https://github.com/9str0IL/CVE/issues/5 |
|---|
| Benutzer | 9str0il (UID 97218) |
|---|
| Einreichung | 16.04.2026 15:22 (vor 2 Monaten) |
|---|
| Moderieren | 03.05.2026 09:38 (17 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 360886 [YunaiV yudao-cloud bis 3.8.0 Ruoyi-Vue-Pro JwtAuthenticationTokenFilter.java doFilterInternal mock-token schwache Authentisierung] |
|---|
| Punkte | 20 |
|---|