Skip to content
Threat Feed
critical advisory

perfree go-fastdfs-web Improper Authorization Vulnerability (CVE-2026-6105)

CVE-2026-6105 is a critical vulnerability in perfree go-fastdfs-web versions up to 1.3.7, allowing for remote improper authorization due to a flaw in the doInstall Interface, potentially leading to unauthorized system access and control.

A critical security vulnerability, CVE-2026-6105, has been identified in perfree go-fastdfs-web, affecting versions up to 1.3.7. The vulnerability resides in the src/main/java/com/perfree/controller/InstallController.java file, specifically within the doInstall Interface component. This flaw allows for improper authorization, enabling remote attackers to potentially bypass security measures and gain unauthorized access. The exploit has been publicly disclosed, increasing the risk of exploitation. The vendor was notified but has not responded, exacerbating the potential impact. Defenders should prioritize detection and mitigation efforts to prevent unauthorized access.

Attack Chain

  1. Attacker identifies a vulnerable perfree go-fastdfs-web instance running a version up to 1.3.7.
  2. The attacker crafts a malicious request targeting the doInstall interface.
  3. The crafted request exploits the improper authorization vulnerability (CVE-2026-6105) in InstallController.java.
  4. The application fails to properly validate the attacker’s privileges.
  5. The attacker gains unauthorized access to sensitive functionalities due to the bypassed authorization checks.
  6. The attacker performs unauthorized actions, such as modifying system settings or accessing restricted data.
  7. The attacker may leverage the initial access to further compromise the system or network.

Impact

Successful exploitation of CVE-2026-6105 allows an unauthenticated remote attacker to bypass authorization controls in perfree go-fastdfs-web. The impact includes potential unauthorized access to sensitive data, modification of system configurations, and complete system compromise. Given the public disclosure of the exploit, organizations using affected versions of perfree go-fastdfs-web are at high risk of attack. The lack of vendor response further amplifies the threat.

Recommendation

  • Deploy the Sigma rule Detect Suspicious doInstall Interface Access to identify unauthorized access attempts to the vulnerable endpoint (logsource: webserver, product: linux).
  • Monitor web server logs for suspicious requests targeting the doInstall interface in InstallController.java (logsource: webserver, product: linux).
  • Apply input validation and authorization checks to the doInstall Interface in InstallController.java to mitigate CVE-2026-6105.
  • Consider implementing a Web Application Firewall (WAF) rule to block requests matching the exploit pattern.

Detection coverage 2

Detect Suspicious doInstall Interface Access

high

Detects suspicious access attempts to the doInstall interface in perfree go-fastdfs-web, indicative of CVE-2026-6105 exploitation.

sigma tactics: privilege_escalation techniques: T1548 sources: webserver, linux

Detect Unauthorized Access to InstallController.java

medium

Detects unauthorized access attempts to InstallController.java, which may indicate an attempt to exploit CVE-2026-6105

sigma tactics: privilege_escalation techniques: T1548 sources: webserver, linux

Detection queries are kept inside the platform. Get full rules →