CVE-2026-7679

Name of the Vulnerable Software and Affected Versions YunaiV yudao-cloud versions prior to 2026.01

Description A security flaw allows remote attackers to perform a manipulation that results in improper authentication. This issue impacts the getAccessToken() function within the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java.

Recommendations As a temporary workaround, consider restricting access to the getAccessToken() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.