PT-2026-42935 · Yangzongzhuan · Ruoyi-Vue

·

CVE-2026-9374

·

Published

2026-05-24

·

Updated

2026-05-24

CVSS v2.0

6.5

Medium

VectorAV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions yangzongzhuan RuoYi-Vue versions prior to 3.9.3
Description A flaw in the Common Upload Endpoint component allows for unrestricted file upload. This issue occurs within the FileUploadUtils.upload() function located in the '/common/upload' endpoint and can be exploited remotely through manipulation.
Recommendations Update to a version later than 3.9.2. As a temporary workaround, restrict access to the '/common/upload' endpoint or disable the FileUploadUtils.upload() function until a patch is applied.

Fix

Unrestricted File Upload

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-9374

Affected Products

Ruoyi-Vue