PT-2026-35812 · O2Oa · O2Oa
Larlarua
·
Published
2026-04-28
·
Updated
2026-04-28
·
CVE-2026-7292
CVSS v3.1
5.6
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
o2oa versions prior to 10.0
Description
An improper authorization issue exists in the NodeAgent component within the
syncFile() function of the NodeAgent.java file. This flaw allows a remote attacker to initiate an attack, although the complexity is high and exploitability is considered difficult.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
As a temporary workaround, consider restricting the use of the
syncFile() function within the NodeAgent component to minimize the risk of exploitation.Exploit
Incorrect Privilege Assignment
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
O2Oa