{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/ruoyi-vue-pro/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7710"}],"_cs_exploited":false,"_cs_products":["yudao-cloud \u003c= 3.8.0","Ruoyi-Vue-Pro"],"_cs_severities":["high"],"_cs_tags":["authentication bypass","cve-2026-7710","web application"],"_cs_type":"advisory","_cs_vendors":["YunaiV"],"content_html":"\u003cp\u003eCVE-2026-7710 is an authentication bypass vulnerability affecting YunaiV\u0026rsquo;s yudao-cloud, specifically versions up to 3.8.0. The vulnerability resides in the \u003ccode\u003edoFilterInternal\u003c/code\u003e function within the \u003ccode\u003eJwtAuthenticationTokenFilter.java\u003c/code\u003e file of the Ruoyi-Vue-Pro component. An attacker can exploit this vulnerability by manipulating the \u003ccode\u003emock-token\u003c/code\u003e argument, leading to improper authentication. This allows a remote attacker to potentially gain unauthorized access to the application. Public exploits are available, increasing the risk of exploitation. The vendor was notified but has not responded.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a YunaiV yudao-cloud instance running a vulnerable version (\u0026lt;= 3.8.0).\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTP request targeting an endpoint protected by authentication.\u003c/li\u003e\n\u003cli\u003eThe crafted request includes a manipulated \u003ccode\u003emock-token\u003c/code\u003e argument designed to bypass the JWT authentication filter.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eJwtAuthenticationTokenFilter.java\u003c/code\u003e component processes the request and improperly validates the manipulated \u003ccode\u003emock-token\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eDue to the flawed authentication logic, the attacker is granted unauthorized access as an authenticated user.\u003c/li\u003e\n\u003cli\u003eAttacker gains access to protected resources and functionalities within the application.\u003c/li\u003e\n\u003cli\u003eAttacker performs privileged actions such as data modification, account takeover, or further exploitation of the system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7710 allows attackers to bypass authentication and gain unauthorized access to YunaiV yudao-cloud applications. This can lead to the compromise of sensitive data, modification of application settings, and potentially full system takeover. Given the availability of public exploits, organizations using affected versions of yudao-cloud are at high risk. The CVSS v3.1 base score for this vulnerability is 7.3, indicating a high severity level.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade YunaiV yudao-cloud to a patched version that addresses CVE-2026-7710.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Malicious Mock Token Argument\u003c/code\u003e to identify exploitation attempts by monitoring web server logs for the presence of a \u003ccode\u003emock-token\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eImplement input validation on the server side to ensure that \u003ccode\u003emock-token\u003c/code\u003e values conform to expected patterns.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-04T00:16:39Z","date_published":"2026-05-04T00:16:39Z","id":"/briefs/2026-05-yunai-auth-bypass/","summary":"YunaiV yudao-cloud up to version 3.8.0 is vulnerable to an authentication bypass (CVE-2026-7710) due to improper handling of the mock-token argument in the JwtAuthenticationTokenFilter.java file, allowing remote attackers to bypass authentication.","title":"YunaiV yudao-cloud Authentication Bypass Vulnerability (CVE-2026-7710)","url":"https://feed.craftedsignal.io/briefs/2026-05-yunai-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Ruoyi-Vue-Pro","version":"https://jsonfeed.org/version/1.1"}