
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote a…

Published: 4 May 2026 at 22:00:00

Alert date: 5 May 2026 at 17:01:38

Source: nvd.nist.gov


Enterprise Applications, Web Technologies

CVE-2026-7411 affects Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10. The vulnerability stems from inadequate path normalization in the Submodel HTTP API, allowing unauthenticated remote attackers to perform path traversal attacks. Attackers can exploit this by supplying maliciously crafted fileName parameters during file upload operations to bypass storage boundaries. This allows arbitrary file writes to any location accessible by the Java process on the host filesystem. The vulnerability can lead to Remote Code Execution (RCE) and complete system compromise. The flaw requires no authentication, making it particularly dangerous for exposed systems.
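A containment check of the kind this class of flaw calls for, shown as an added Java example: it is not code from the BaSyx SDK or from its fix, and the class, method and directory names are hypothetical. It contrasts joining a client-supplied `fileName` to the storage root as-is with normalizing the result and refusing anything that ends up outside the root.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added illustration, not BaSyx code. All names here are hypothetical.
public class UploadPathCheck {

    // Unsafe pattern: the client-supplied name is joined to the storage root as-is,
    // so parent-directory segments or an absolute path move the target outside it.
    static Path resolveUnchecked(Path storageRoot, String fileName) {
        return storageRoot.resolve(fileName);
    }

    // Hardened pattern: normalize the joined path, then require that it still lies
    // under the normalized storage root before anything is written.
    // Note: normalize() is purely lexical and does not follow symlinks; if links can
    // exist inside the root, also compare toRealPath() of the target's parent.
    static Path resolveContained(Path storageRoot, String fileName) {
        if (fileName == null || fileName.isEmpty() || fileName.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("invalid fileName");
        }
        Path root = storageRoot.toAbsolutePath().normalize();
        Path target = root.resolve(fileName).normalize();
        // Path.startsWith compares whole name elements, not string prefixes.
        if (!target.startsWith(root) || target.equals(root)) {
            throw new SecurityException("fileName escapes storage root: " + fileName);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("submodel-files"); // constructed storage root
        // Constructed sample inputs: one ordinary name, two that leave the root.
        String[] names = { "manual.pdf", "../../outside.txt", "/tmp/outside.txt" };
        for (String name : names) {
            System.out.println(name + " -> unchecked: " + resolveUnchecked(root, name).normalize());
            try {
                System.out.println("    contained: " + resolveContained(root, name));
            } catch (SecurityException e) {
                System.out.println("    rejected: " + e.getMessage());
            }
        }
    }
}
```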

Technical details

Mitigation steps:

Affected products:

Eclipse BaSyx Java Server SDK

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information originating from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
