Strix
26.1K

CVE-2026-7412

HIGHCVSS 8.6/10EPSS 0.52%

Last modified

CVE-2026-7412 is a high-severity vulnerability rated 8.6/10 on the CVSS scale. In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to arbitrary internal or external targets. EPSS estimates a 0.52% chance of exploitation in the next 30 days.

Description

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to arbitrary internal or external targets. This allows an attacker to bypass network segmentation and pivot into isolated internal IT/OT infrastructure or target Cloud Metadata services (IMDS).

Metrics

CVSS 3.1
8.6/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS Probability
0.52%

39.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

References

Timeline

Published
Last Modified
Status
Undergoing Analysis

Frequently Asked Questions

What is CVE-2026-7412?
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to arbitrary internal or external targets. This allows an attacker to bypass network segmentation and pivot into isolated internal IT/OT infrastructure or target Cloud Metadata services (IMDS).
How severe is CVE-2026-7412?
CVE-2026-7412 has a CVSS score of 8.6/10 (HIGH severity). The EPSS model estimates a 0.52% probability of exploitation in the next 30 days.
How do I fix CVE-2026-7412?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-7412?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST