| Title | YunaiV yudao-cloud yudao-cloud up to 2026.01 Authentication Bypass by Primary Weakness |
|---|
| Description | A critical authentication bypass vulnerability exists in Ruoyi-Vue-Pro JwtAuthenticationTokenFilter.java. The vulnerability allows unauthenticated attackers to bypass the authentication system and impersonate any user by using a special "Mock Token" header, potentially leading to full system compromise.
The doFilterInternal method checks for a mock-token header and directly extracts the user ID without any environment validation or authentication, allowing attackers to forge any user identity. |
|---|
| Source | ⚠️ https://github.com/9str0IL/CVE/issues/5 |
|---|
| User | 9str0il (UID 97218) |
|---|
| Submission | 04/16/2026 15:22 (3 months ago) |
|---|
| Moderation | 05/03/2026 09:38 (17 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 360886 [YunaiV yudao-cloud up to 3.8.0 Ruoyi-Vue-Pro JwtAuthenticationTokenFilter.java doFilterInternal mock-token improper authentication] |
|---|
| Points | 20 |
|---|