CVE-2026-3813

Name of the Vulnerable Software and Affected Versions opencc JFlow versions prior to 5badc00db382d7cb82dad231e6a866b18e0addfe

Description A flaw exists in opencc JFlow that allows for injection. This manipulation can be performed remotely. The vulnerable component is the Calculate function within the src/main/java/bp/wf/httphandler/WF CCForm.java file. The project has been notified of the issue but has not yet responded. A public exploit is available.

Recommendations Apply updates as they become available through the rolling release system. As a temporary workaround, consider restricting access to the WF CCForm.java file. Disable or restrict the use of the Calculate function until a patch is available.