CVE-2026-13528
Last modified
CVE-2026-13528 is a high-severity vulnerability rated 7.3/10 on the CVSS scale. A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. The impacted element is the function generateUploadPath of the file yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/service/file/FileServiceImpl.java of the component AppFileController File Upload Endpoint. EPSS estimates a 0.45% chance of exploitation in the next 30 days.
Description
A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. The impacted element is the function generateUploadPath of the file yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/service/file/FileServiceImpl.java of the component AppFileController File Upload Endpoint. Performing a manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The patch is named 4ae3f6b2c9883978837638c14e3d18419819eeb0. It is recommended to apply a patch to fix this issue. This product is published by multiple vendors.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| YunaiV | ruoyi-vue-pro | 2026.04-jdk8-SNAPSHOT |
| zhijiantianya | ruoyi-vue-pro | 2026.04-jdk8-SNAPSHOT |
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-13528?
How severe is CVE-2026-13528?
How do I fix CVE-2026-13528?
Related CVEs from 2026
- CVE-2026-13522A security flaw has been discovered in Investintech SlimPDFR…4.3
- CVE-2026-13523A weakness has been identified in GPAC up to 26.02.0. This a…3.3
- CVE-2026-13524A security vulnerability has been detected in CherryHQ cherr…5.6
- CVE-2026-13525A vulnerability was detected in CodeAstro Human Resource Man…6.3
- CVE-2026-13526A flaw has been found in SourceCodester Class and Exam Timet…7.3
- CVE-2026-13527A vulnerability has been found in SourceCodester Class and E…7.3
- CVE-2026-13529A vulnerability was determined in YzmCMS up to 7.5. This aff…5.6
- CVE-2026-13530A vulnerability was identified in itsourcecode Hospital Mana…6.3
- CVE-2026-13531A security flaw has been discovered in itsourcecode Hospital…6.3
- CVE-2026-13532A weakness has been identified in itsourcecode Hospital Mana…6.3
- CVE-2026-13533A security vulnerability has been detected in agentejo Cockp…5.5
- CVE-2026-13534A vulnerability was detected in CherryHQ cherry-studio up to…5
Are you affected by CVE-2026-13528?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
