PT-2026-20990 · Dromara · Ruoyi-Vue-Plus

Feng123123

Publicado

2026-02-20

Atualizado

2026-02-20

CVE-2026-2819

CVSS v2.0

6.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Dromara RuoYi-Vue-Plus versions through 5.5.3

Description A missing authorization issue exists in the Workflow Module of Dromara RuoYi-Vue-Plus. The issue affects the SaServletFilter function within the /workflow/instance/deleteByInstanceIds file. This allows for remote exploitation due to a lack of proper authorization checks. The exploit is publicly available.

Recommendations Update to a version beyond 5.5.3. As a temporary workaround, restrict access to the /workflow/instance/deleteByInstanceIds file and the SaServletFilter function.

Correção

Missing Authorization

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862CWE-863

Identificadores relacionados

CVE-2026-2819

Produtos afetados

Ruoyi-Vue-Plus

PT-2026-20990 · Dromara · Ruoyi-Vue-Plus

CVE-2026-2819

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6