


Perceptive Security
SOC/SIEM Consultancy

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote a…
Published:
4 May 2026 at 22:00:00
Alert date:
5 May 2026 at 20:13:49
Source:
nvd.nist.gov
Web Technologies, Enterprise Applications
CVE-2026-7411 affects Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10. The vulnerability involves inadequate path normalization in the Submodel HTTP API that allows unauthenticated remote attackers to perform path traversal attacks. Attackers can exploit a maliciously crafted fileName parameter during file upload operations to bypass storage boundaries. This enables writing arbitrary files to any location accessible by the Java process on the host filesystem. The vulnerability can lead to Remote Code Execution (RCE) and complete system compromise. The flaw represents a critical security issue due to its unauthenticated remote exploitation capability.
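One way to enforce the storage boundary that the description says a crafted fileName bypasses, as an added Java example (not BaSyx code and not the project's actual fix). The class `SafeUploadPath`, the method `resolveInside` and the sample file names are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

// Added illustration, not BaSyx code. Class and method names are hypothetical.
public final class SafeUploadPath {

    /** Resolves a client-supplied fileName inside storageRoot, or throws. */
    static Path resolveInside(Path storageRoot, String fileName) throws IOException {
        if (fileName == null || fileName.isEmpty() || fileName.indexOf('\0') >= 0) {
            throw new IOException("invalid file name");
        }
        Path root = storageRoot.toRealPath();            // canonical root, symlinks resolved
        Path target;
        try {
            // normalize() collapses "." and ".." lexically; an absolute fileName
            // replaces root entirely in resolve(). Both are caught by startsWith().
            target = root.resolve(fileName).normalize();
        } catch (InvalidPathException e) {
            throw new IOException("invalid file name", e);
        }
        if (target.equals(root) || !target.startsWith(root)) {
            throw new IOException("file name escapes storage root");
        }
        // Lexical checks do not see symlinks: create the parent directory, then
        // confirm its real location is still under the root before any write.
        Path parent = Files.createDirectories(target.getParent()).toRealPath();
        if (!parent.startsWith(root)) {
            throw new IOException("parent directory resolves outside storage root");
        }
        return parent.resolve(target.getFileName());
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("upload-root");
        // Constructed sample inputs: two legitimate names, three that must be rejected.
        String[] samples = {"report.pdf", "aas/report.pdf", "../outside.txt",
                "aas/../../outside.txt", root.getParent().resolve("outside.txt").toString()};
        for (String name : samples) {
            try {
                System.out.println("accepted: " + resolveInside(root, name));
            } catch (IOException e) {
                System.out.println("rejected: " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

`Path.startsWith` compares whole path components, so a sibling directory such as `upload-root-evil` does not pass the check the way a string prefix comparison would.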
Affected products:
Eclipse BaSyx Java Server SDK
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-7411
https://gitlab.eclipse.org/security/cve-assignment/-/issues/102
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/423
This article was created with the assistance of AI technology by Perceptive.
