CVE-2026-2819

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Dromara RuoYi-Vue-Plus versions through 5.5.3

Description A missing authorization issue exists in the Workflow Module of Dromara RuoYi-Vue-Plus. The issue affects the SaServletFilter function within the /workflow/instance/deleteByInstanceIds file. This allows for remote exploitation due to a lack of proper authorization checks. The exploit is publicly available.

Recommendations Update to a version beyond 5.5.3. As a temporary workaround, restrict access to the /workflow/instance/deleteByInstanceIds file and the SaServletFilter function.

Fix

Missing Authorization

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862CWE-863

Related Identifiers

CVE-2026-2819

Affected Products

Ruoyi-Vue-Plus

CVE-2026-2819

Weakness Enumeration

Related Identifiers

Affected Products

References · 6