CVE-2026-7291 in o2oainformación

Resumen

por MITRE • 2026-04-28

A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

VulDB

Divulgación

2026-04-28

Moderación

aceptado

Artículo

VDB-359951

CPE

listo

CWE

CWE-918 (confirmado)

Explotación

Descargar

CVSS

6.3 (VulDB)

EPSS

0.00046

KEV

Actividades

muy bajo

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-7291
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-7291
CVE Details	https://www.cvedetails.com/cve/CVE-2026-7291/

◂ Anterior Visión De Conjunto Próximo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!