LeakyCreds

CVE-2026-7411 - Vulnerability Analysis

Critical | CVSS: 10.0

Last Updated: May 5, 2026

Eclipse BaSyx Java Server SDK - Path Traversal

Published: May 5, 2026 | Updated: May 5, 2026 | Remote Exploitable

Overview

Eclipse BaSyx Java Server SDK versions before 2.0.0-milestone-10 contain a path traversal vulnerability caused by inadequate path normalization in the Submodel HTTP API. It lets unauthenticated remote attackers write arbitrary files and potentially execute code. Exploitation requires a crafted fileName parameter during file upload.
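
The following is an added example, not BaSyx code and not part of the original advisory. It shows the kind of containment check a Java upload handler can apply to a client-supplied fileName before writing. The class name, method name and sample file names are hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.util.List;

// Hypothetical illustration; class and method names are not from BaSyx.
public class UploadPathCheck {

    // Resolve a client-supplied fileName under baseDir and reject any result
    // that falls outside baseDir once "." and ".." segments are collapsed.
    static Path resolveInside(Path baseDir, String fileName) throws IOException {
        if (fileName == null || fileName.isBlank()) {
            throw new IOException("empty fileName");
        }
        Path base = baseDir.toRealPath(); // canonical form of the upload root
        Path target;
        try {
            // An absolute fileName replaces base entirely here, which the
            // containment check below then rejects.
            target = base.resolve(fileName).normalize();
        } catch (InvalidPathException e) {
            throw new IOException("malformed fileName", e);
        }
        // Path.startsWith compares whole path components, unlike
        // String.startsWith, so a sibling such as "<base>-old" does not match.
        if (target.equals(base) || !target.startsWith(base)) {
            throw new IOException("fileName resolves outside the upload directory");
        }
        return target; // symlinks already inside base are not checked here
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("uploads");
        // Constructed sample inputs.
        List<String> names = List.of("report.pdf", "sub/data.bin",
                "../outside.txt", "sub/../../outside.txt", "/tmp/absolute.txt", ".");
        for (String name : names) {
            try {
                System.out.println("accepted  " + name + " -> " + resolveInside(base, name));
            } catch (IOException e) {
                System.out.println("rejected  " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```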

Severity & Score

Severity: Critical
CVSS Score: 10.0

Impact

Unauthenticated remote attackers can write arbitrary files and execute code, leading to full system compromise.

Mitigation

Update to version 2.0.0-milestone-10 or later.

Details

CVE ID: CVE-2026-7411
Severity: Critical
CVSS Score: 10.0
Type: path_traversal
Status: new

CWE

  • CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H