PT-2026-25830 · Unknown · Taoofagi Easegen-Admin

Vuldb · Published 2026-03-16 · Updated 2026-03-17 · CVE-2026-4285

CVSS v2.0: 3.3 (Low)

Vector: AV:N/AC:L/Au:M/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions
taoofagi easegen-admin versions prior to 8f87936ac774065b92fb20aab55b274a6ea76433

Description
A path traversal issue exists in the recognizeMarkdown function within the file yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yudao/module/digitalcourse/util/Pdf2MdUtil.java. Manipulation of the fileUrl argument can lead to unauthorized access. The attack can be launched remotely, and an exploit is publicly available. The software utilizes a rolling release model, meaning specific version details for fixes are not available. The vendor was notified of the issue but did not respond.

Recommendations
Versions prior to 8f87936ac774065b92fb20aab55b274a6ea76433 should be updated. As a temporary workaround, consider restricting access to the recognizeMarkdown function until a suitable update is available.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-4285

Affected Products

Taoofagi Easegen-Admin