PT-2026-36727 · Yunaiv · Ruoyi-Vue-Pro+1
9Str0Il · Published 2026-05-03 · Updated 2026-05-04
CVE-2026-7710
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
YunaiV yudao-cloud versions prior to 3.8.1
Description
An authentication bypass exists in the Ruoyi-Vue-Pro component. Manipulation of the mock-token argument within the doFilterInternal() function of the JwtAuthenticationTokenFilter.java file allows for improper authentication, which can be exploited remotely.
Recommendations
Update to a version later than 3.8.0.
As a temporary workaround, restrict or disable the use of the mock-token argument in the affected component.
Exploit
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Ruoyi-Vue-Pro
Yudao-Cloud