Platform
java
Component
easegen-admin
Fixed in
8.0.1
CVE-2026-4285 describes a path traversal vulnerability in taoofagi easegen-admin, affecting builds up to and including commit 8f87936ac774065b92fb20aab55b274a6ea76433 (the affected range is given as a commit hash rather than a release number). The flaw is in the recognizeMarkdown function in Pdf2MdUtil.java and lets an attacker read files and directories on the server that the application was never meant to expose. Because the project follows a rolling release model, the advisory text does not name a fixed release; the "Fixed in" field above lists 8.0.1, which should be verified against the project's own release channel before relying on it.
The flaw lies in the handling of the fileUrl argument to recognizeMarkdown: an attacker who controls that value can steer the function to a path outside the intended directory and have its contents read, bypassing the access controls the application intended. What can be exposed depends on the permissions of the process running easegen-admin; configuration files, source code and database credentials are the usual targets. The issue is reachable remotely, so no local access is required, and a public exploit exists, which raises the likelihood of exploitation. The blast radius is every file readable by the web server process.
CVE-2026-4285 was published on March 16, 2026, and a public exploit is already available. A CVSS severity assessment is still pending. The CVE is not in CISA's KEV catalog; its EPSS score at the time of writing is 0.07% (21st percentile), meaning the model currently predicts a low probability of exploitation in the wild despite the public proof of concept. Both can change as more information becomes available, so monitor security advisories and threat intelligence feeds for updates.
Exploit status
EPSS
0.07% (21st percentile)
CISA SSVC
CVSS vector
While a specific fixed version is not yet confirmed because of the rolling release model, several mitigations reduce the risk. First, validate the fileUrl parameter strictly: reject absolute paths, canonicalize the value and require the result to stay inside the directory the function is meant to read from. Allow-listing characters and checking the file extension help, but on their own they do not stop a traversal, because ".." and "/" are legitimate characters and the extension check only looks at the end of the path. Second, run the service under an account that can read only what it needs, and configure the web server to deny access to sensitive directories and files. A Web Application Firewall with path traversal rules adds a second layer, with the caveat that encoded variants must be checked on the decoded value. Regularly review and update server configurations to minimize the attack surface. Since a direct fix is pending, consider temporarily disabling the recognizeMarkdown functionality if it is not essential.
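As an added example (not code from easegen-admin or from the advisory), the check below, written in Java because the affected code is Java, confines a user-supplied path parameter to one upload directory. The parameter name fileUrl is taken from the advisory; the class name, the temporary upload directory and the restriction to .pdf inputs are assumptions for illustration, and the example assumes fileUrl is consumed as a filesystem path rather than fetched as a URL.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Added example (not easegen-admin code): confine a user-controlled,
 * path-like parameter to one base directory before reading it.
 * The parameter name fileUrl is taken from the advisory; everything else
 * (class, method names, the upload directory) is assumed for illustration.
 */
public final class SafeFileResolver {

    private final Path baseDir;

    public SafeFileResolver(Path baseDir) throws IOException {
        // Canonical form (symlinks resolved) so later prefix checks are meaningful.
        this.baseDir = baseDir.toRealPath();
    }

    /** The unsafe pattern: user input joined to a directory with no containment check. */
    public Path resolveUnchecked(String fileUrl) {
        return baseDir.resolve(fileUrl);
    }

    /** Hardened: lexical check, then canonical check, then type and extension checks. */
    public Path resolveChecked(String fileUrl) throws IOException {
        if (fileUrl == null || fileUrl.isEmpty() || fileUrl.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("empty or malformed fileUrl");
        }
        Path candidate = Paths.get(fileUrl);
        if (candidate.isAbsolute()) {
            throw new SecurityException("absolute path rejected: " + fileUrl);
        }
        // normalize() collapses "." and ".." so "sub/../../x" leaves baseDir and fails startsWith.
        Path resolved = baseDir.resolve(candidate).normalize();
        if (!resolved.startsWith(baseDir)) {
            throw new SecurityException("path escapes base directory: " + fileUrl);
        }
        if (!Files.exists(resolved)) {
            throw new NoSuchFileException(resolved.toString());
        }
        // A symlink inside baseDir can still point outside; re-check the real path.
        Path real = resolved.toRealPath();
        if (!real.startsWith(baseDir)) {
            throw new SecurityException("symlink escapes base directory: " + fileUrl);
        }
        if (!Files.isRegularFile(real)
                || !real.getFileName().toString().toLowerCase().endsWith(".pdf")) {
            throw new SecurityException("only regular .pdf files are accepted: " + fileUrl);
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sandbox: a temporary upload directory with one legitimate input.
        Path uploads = Files.createTempDirectory("uploads");
        Files.createFile(uploads.resolve("report.pdf"));
        SafeFileResolver resolver = new SafeFileResolver(uploads);

        // Unchecked resolution happily produces a path outside the upload directory.
        System.out.println("unchecked: " + resolver.resolveUnchecked("../../etc/passwd"));

        System.out.println("accepted:  " + resolver.resolveChecked("report.pdf"));
        String[] attempts = {"../../etc/passwd", "/etc/passwd", "sub/../../report.pdf", "report.txt"};
        for (String attempt : attempts) {
            try {
                resolver.resolveChecked(attempt);
                System.out.println("ACCEPTED (unexpected): " + attempt);
            } catch (SecurityException | IOException e) {
                System.out.println("rejected:  " + attempt + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Two points that extension-only or character-blacklist checks miss: the lexical check (normalize plus startsWith) runs before any filesystem access, and the canonical check (toRealPath) runs after it, because a symlink under the upload directory can still point outside. Run the check on the decoded value the application actually uses; if a framework or reverse proxy decodes %2e%2e before the handler sees it, inspecting the raw query string is not enough.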
Update to a patched version that fixes the path traversal in the recognizeMarkdown function of Pdf2MdUtil.java. Contact the vendor for a corrected build, or implement proper validation of the fileUrl input so that it cannot reference files outside the expected directory.
CVE-2026-4285 is a path traversal vulnerability affecting taoofagi easegen-admin builds up to and including commit 8f87936ac774065b92fb20aab55b274a6ea76433. It allows attackers to read files on the server that they are not authorized to access.
You are affected if you run a build of taoofagi easegen-admin at or before that commit. Check which commit your deployment was built from against the affected range: ≤8f87936ac774065b92fb20aab55b274a6ea76433.
Upgrade to a fixed release as soon as one is confirmed. Until then, validate the fileUrl input, restrict file access for the service account, and consider using a WAF.
Yes, a public exploit is already available, which raises the likelihood of exploitation even though the current EPSS score is low.
Refer to the taoofagi website and security advisories for updates on the vulnerability and available fixes. Monitor their release channels for announcements.