CVE-2026-7412 in BaSyxinformación

Resumen

por MITRE • 2026-05-05

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to arbitrary internal or external targets. This allows an attacker to bypass network segmentation and pivot into isolated internal IT/OT infrastructure or target Cloud Metadata services (IMDS).

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

Eclipse

Reservar

2026-04-29

Divulgación

2026-05-05

Moderación

aceptado

Artículo

VDB-361213

CPE

listo

CWE

CWE-918 (confirmado)

CVSS

8.6 (CNA)

EPSS

0.00033

KEV

Actividades

muy bajo

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-7412
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-7412
CVE Details	https://www.cvedetails.com/cve/CVE-2026-7412/

◂ Anterior Visión De Conjunto Próximo ▸

Do you know our Splunk app?

Download it now for free!