Platform: java
Component: easegen-admin
Fixed in: 8.0.1
CVE-2026-4285 describes a Path Traversal vulnerability discovered in taoofagi easegen-admin, affecting versions up to 8f87936ac774065b92fb20aab55b274a6ea76433. This flaw allows attackers to potentially access sensitive files and directories on the server. The vulnerability resides in the recognizeMarkdown function within the Pdf2MdUtil.java file. Due to the product's rolling release model, specific fixed versions are not immediately available.
The Path Traversal vulnerability in easegen-admin allows an attacker to manipulate the fileUrl argument within the recognizeMarkdown function, bypassing intended access controls. Successful exploitation enables an attacker to read arbitrary files on the server, potentially exposing sensitive data such as configuration files, source code, or database credentials. The remote nature of the vulnerability means an attacker does not need local access to the system. Given the publicly available exploit, the risk of exploitation is elevated. The blast radius extends to any data accessible by the web server process, depending on its permissions.
CVE-2026-4285 was published on March 16, 2026. A public exploit is already available, significantly increasing the likelihood of exploitation. The vulnerability's severity is pending a full evaluation, but the presence of a public exploit suggests a medium to high probability of exploitation. It is not currently listed on KEV or EPSS, but this could change as more information becomes available. Monitor security advisories and threat intelligence feeds for updates.
Exploit Status
EPSS: 0.07% (21st percentile)
While a specific fixed version is not yet available due to the rolling release model, several mitigation strategies can reduce the risk. First, implement strict input validation on the fileUrl parameter to prevent malicious path manipulation. This should include whitelisting allowed characters and validating the file extension. Second, configure the web server to restrict access to sensitive directories and files. Employ a Web Application Firewall (WAF) with rules to detect and block path traversal attempts. Regularly review and update server configurations to minimize the attack surface. Since a direct fix is pending, consider temporarily disabling the recognizeMarkdown functionality if it is not essential.
Update to a patched version that corrects the path traversal vulnerability in the recognizeMarkdown function of Pdf2MdUtil.java. Contact the vendor for a corrected version or implement proper input validation of the fileUrl to prevent access to files outside the expected directory.
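The validation described above (character whitelist, extension check, and confinement of fileUrl to the expected directory), as an added Java example that is not easegen-admin's own code: the SafeFileResolver class, its base directory, the required extension and the sample file names are all hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.regex.Pattern;

// Hypothetical guard for an untrusted fileUrl parameter; not code from easegen-admin.
public final class SafeFileResolver {
    // Whitelist: letters, digits, '-', '_', '.' and '/' only; '%', backslash, ':' and NUL are rejected.
    private static final Pattern ALLOWED = Pattern.compile("[A-Za-z0-9_\\-./]+");
    private final Path baseDir;
    private final String requiredExtension;
    public SafeFileResolver(Path baseDir, String requiredExtension) throws IOException {
        this.baseDir = baseDir.toRealPath(); // canonical form with symlinks resolved
        this.requiredExtension = requiredExtension;
    }
    // Maps fileUrl onto a real file under baseDir or throws; never returns a path outside it.
    public Path resolve(String fileUrl) throws IOException {
        if (fileUrl == null || !ALLOWED.matcher(fileUrl).matches()) {
            throw new IllegalArgumentException("disallowed characters");
        }
        if (!fileUrl.endsWith(requiredExtension)) {
            throw new IllegalArgumentException("unexpected extension");
        }
        // Lexical check: ".." segments and absolute paths normalize to something outside baseDir.
        // Path.startsWith compares whole segments, so "/srv/uploads_old" is not under "/srv/uploads".
        Path candidate = baseDir.resolve(fileUrl).normalize();
        if (!candidate.startsWith(baseDir)) {
            throw new IllegalArgumentException("path escapes base directory");
        }
        // Filesystem check: a symlink inside baseDir may still point outside it.
        Path real = candidate.toRealPath();
        if (!real.startsWith(baseDir)) {
            throw new IllegalArgumentException("symlink escapes base directory");
        }
        return real;
    }
    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("uploads"); // constructed sandbox for the demo
        Files.createFile(base.resolve("report.pdf"));
        SafeFileResolver r = new SafeFileResolver(base, ".pdf");
        System.out.println("accepted: " + r.resolve("sub/../report.pdf"));
        for (String bad : new String[] {"../../other.pdf", "/tmp/other.pdf", "%2e%2e/x.pdf", "report.txt"}) {
            try {
                r.resolve(bad);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected " + bad + ": " + e.getMessage());
            }
        }
    }
}
```

The lexical check alone is not enough once files can be symlinks, which is why the resolver re-checks containment after toRealPath.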
CVE-2026-4285 is a Path Traversal vulnerability affecting taoofagi easegen-admin versions up to 8f87936ac774065b92fb20aab55b274a6ea76433. It allows attackers to access unauthorized files on the server.
You are affected if you are using taoofagi easegen-admin versions prior to a fix being released. Check your version against the affected range: ≤8f87936ac774065b92fb20aab55b274a6ea76433.
Upgrade to the latest version when available. Until then, implement input validation, restrict file access, and consider using a WAF.
Yes, a public exploit is already available, indicating a high likelihood of active exploitation.
Refer to the taoofagi website and security advisories for updates on the vulnerability and available fixes. Monitor their release channels for announcements.