


Perceptive Security
SOC/SIEM Consultancy

A vulnerability has been found in BidingCC BuildingAI up to 26.0.1. Impacted is the function uploadRemoteFile of the file packages/core/src/modules/upload/servi…
Published:
26 April 2026 at 22:00:00
Alert date:
27 April 2026 at 01:02:15
Source:
nvd.nist.gov
Web Technologies
A server-side request forgery (SSRF) vulnerability has been discovered in BidingCC BuildingAI up to version 26.0.1. The vulnerability affects the uploadRemoteFile function in the Remote Upload API component, specifically in the file-storage.service.ts file. The vulnerability can be exploited remotely by manipulating the url argument. The exploit has been publicly disclosed and is available for use. The project maintainers have been notified through an issue report but have not yet responded to address the vulnerability.
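One way to validate the url argument of a remote-upload endpoint before the server fetches it, shown as an added example that is not BuildingAI's code and does not come from the advisory. It is plain JavaScript with hypothetical function names, and it assumes the caller has already resolved the host and passes in every address DNS returned, as strings.

```javascript
// Added example with hypothetical names; not BuildingAI code.
// IPv4 ranges a server-side fetch must not reach: [network, prefix length].
const BLOCKED_V4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
  ['198.18.0.0', 15], ['224.0.0.0', 3],
];

function v4ToInt(ip) {
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(ip)) return null;
  const p = ip.split('.').map(Number);
  return p.some((n) => n > 255) ? null
    : ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]) >>> 0;
}

function isBlockedV4(ip) {
  const n = v4ToInt(ip);
  if (n === null) return true; // unparseable input fails closed
  return BLOCKED_V4.some(([net, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((n & mask) >>> 0) === v4ToInt(net);
  });
}

function isBlockedAddress(addr) {
  const a = addr.toLowerCase().replace(/^\[|\]$/g, '');
  if (!a.includes(':')) return isBlockedV4(a);
  const mapped = a.match(/^::ffff:(.+)$/); // IPv4-mapped IPv6
  if (mapped && mapped[1].includes('.')) return isBlockedV4(mapped[1]);
  if (mapped) {
    const [hi, lo] = mapped[1].split(':').map((h) => parseInt(h, 16));
    return isBlockedV4([hi >> 8, hi & 255, lo >> 8, lo & 255].join('.'));
  }
  const first = parseInt(a.split(':')[0] || '0', 16);
  return first === 0 // ::, ::1 and the rest of ::/8
    || (first & 0xfe00) === 0xfc00 // fc00::/7 unique local
    || (first & 0xffc0) === 0xfe80; // fe80::/10 link-local
}

// `resolved` holds every address DNS returned for the URL's host.
function checkRemoteUploadUrl(rawUrl, resolved) {
  let u;
  try { u = new URL(rawUrl); } catch { return { ok: false, reason: 'unparseable URL' }; }
  if (!['http:', 'https:'].includes(u.protocol)) return { ok: false, reason: 'scheme not allowed' };
  const literal = /^\[.*\]$|^\d+(\.\d+){3}$/.test(u.hostname) ? [u.hostname] : [];
  const addrs = [...literal, ...resolved];
  if (addrs.length === 0) return { ok: false, reason: 'host did not resolve' };
  const bad = addrs.find(isBlockedAddress);
  if (bad) return { ok: false, reason: `internal address ${bad}` };
  return { ok: true, connectTo: addrs[0] };
}
```

Connect to the returned `connectTo` address rather than resolving the name a second time, and run the same check on every redirect target before following it.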
Affected products:
BidingCC BuildingAI
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-7065
https://github.com/BidingCC/BuildingAI/
https://github.com/BidingCC/BuildingAI/issues/110
https://vuldb.com/submit/798621
https://vuldb.com/vuln/359640
https://vuldb.com/vuln/359640/cti
This article was created with the assistance of AI technology by Perceptive.
