Platform
java
Component
easegen-admin
Fixed in
8.0.1
CVE-2026-4285 describes a Path Traversal vulnerability discovered in taoofagi easegen-admin, affecting versions up to 8f87936ac774065b92fb20aab55b274a6ea76433. This flaw allows attackers to potentially access sensitive files and directories on the server. The vulnerability resides in the recognizeMarkdown function within the Pdf2MdUtil.java file. Due to the product's rolling release model, specific fixed versions are not immediately available.
The Path Traversal vulnerability in easegen-admin allows an attacker to manipulate the fileUrl argument within the recognizeMarkdown function, bypassing intended access controls. Successful exploitation enables an attacker to read arbitrary files on the server, potentially exposing sensitive data such as configuration files, source code, or database credentials. The remote nature of the vulnerability means an attacker does not need local access to the system. Given the publicly available exploit, the risk of exploitation is elevated. The blast radius extends to any data accessible by the web server process, depending on its permissions.
CVE-2026-4285 was published on March 16, 2026. A public exploit is already available, significantly increasing the likelihood of exploitation. The vulnerability's severity is pending a full evaluation, but the presence of a public exploit suggests a medium to high probability of exploitation. It is not currently listed on KEV or EPSS, but this could change as more information becomes available. Monitor security advisories and threat intelligence feeds for updates.
Exploit status
EPSS
0.07% (21st percentile)
CISA SSVC
CVSS vector
While a specific fixed version is not yet available due to the rolling release model, several mitigation strategies can reduce the risk. First, implement strict input validation on the fileUrl parameter to prevent malicious path manipulation. This should include whitelisting allowed characters and validating the file extension. Second, configure the web server to restrict access to sensitive directories and files. Employ a Web Application Firewall (WAF) with rules to detect and block path traversal attempts. Regularly review and update server configurations to minimize the attack surface. Since a direct fix is pending, consider temporarily disabling the recognizeMarkdown functionality if it is not essential.
Update to a patched version that corrects the path traversal vulnerability in the recognizeMarkdown function of Pdf2MdUtil.java. Contact the vendor for a fixed release, or implement proper validation of the fileUrl input so that files outside the expected directory cannot be accessed.
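The two paragraphs above recommend strict validation of the fileUrl input and confinement to an expected directory. The following is an added example of that control, written for this page; it is not code from easegen-admin or from the taoofagi project, and the class name `SafePdfPathResolver`, the base-directory argument and the `.pdf` extension rule are assumptions. It treats fileUrl as a relative file reference, allow-lists its characters, requires the expected extension, and then checks that the normalized (and, where the file exists, symlink-resolved) path still lies under the configured base directory.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.regex.Pattern;

/**
 * Added example (not easegen-admin's own code): confine a user-supplied
 * file reference to a fixed base directory before it is opened.
 * Class and method names are hypothetical.
 */
public final class SafePdfPathResolver {

    // Allow-list: path segments of letters, digits, '_' and '-', optionally
    // with inner '.' separators, joined by '/'. A segment can never start
    // with '.', so ".." is impossible; no leading '/', no backslashes, no '%'.
    private static final Pattern SAFE_RELATIVE_PATH = Pattern.compile(
            "^[A-Za-z0-9_\\-]+(?:[.][A-Za-z0-9_\\-]+)*"
            + "(?:/[A-Za-z0-9_\\-]+(?:[.][A-Za-z0-9_\\-]+)*)*$");

    // Assumed: recognizeMarkdown only ever needs PDF input.
    private static final String REQUIRED_EXTENSION = ".pdf";

    private final Path baseDir;

    public SafePdfPathResolver(Path baseDir) throws IOException {
        // toRealPath() follows symlinks so the containment checks below
        // compare canonical locations rather than raw strings.
        this.baseDir = baseDir.toRealPath();
    }

    /** Returns the confined path, or throws if fileUrl would escape baseDir. */
    public Path resolve(String fileUrl) throws IOException {
        if (fileUrl == null || fileUrl.isEmpty()) {
            throw new IllegalArgumentException("empty fileUrl");
        }
        if (!SAFE_RELATIVE_PATH.matcher(fileUrl).matches()) {
            throw new IllegalArgumentException("fileUrl contains disallowed characters: " + fileUrl);
        }
        if (!fileUrl.toLowerCase().endsWith(REQUIRED_EXTENSION)) {
            throw new IllegalArgumentException("fileUrl must end with " + REQUIRED_EXTENSION);
        }
        // Lexical check: normalize, then require the result to stay under baseDir.
        Path candidate = baseDir.resolve(fileUrl).normalize();
        if (!candidate.startsWith(baseDir)) {
            throw new IllegalArgumentException("fileUrl escapes base directory: " + fileUrl);
        }
        // Filesystem check: if the file exists, a symlink inside baseDir must
        // not point outside it.
        if (Files.exists(candidate)) {
            Path real = candidate.toRealPath();
            if (!real.startsWith(baseDir)) {
                throw new IllegalArgumentException("fileUrl resolves outside base directory via symlink");
            }
            return real;
        }
        return candidate;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: one benign reference and several that
        // the validator must reject.
        Path base = Files.createTempDirectory("pdf2md-base");
        SafePdfPathResolver resolver = new SafePdfPathResolver(base);
        String[] inputs = {
            "reports/2026/q1.pdf",   // accepted
            "../../etc/passwd",      // rejected: '..' and wrong extension
            "notes.txt",             // rejected: wrong extension
            "/etc/passwd",           // rejected: absolute path
            "a%2e%2e/x.pdf"          // rejected: '%' is not allow-listed
        };
        for (String in : inputs) {
            try {
                System.out.println("ACCEPT " + in + " -> " + resolver.resolve(in));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECT " + in + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Apply the check to the value the application will actually hand to the filesystem: if the web framework URL-decodes the parameter before it reaches the method, validate the decoded string, and do not accept a value that decodes into something the allow-list would reject. The `startsWith` test on `Path` compares whole path components, so a base of `/srv/uploads` does not match `/srv/uploads-old/x.pdf`.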
CVE-2026-4285 is a Path Traversal vulnerability affecting taoofagi easegen-admin versions up to 8f87936ac774065b92fb20aab55b274a6ea76433. It allows attackers to access unauthorized files on the server.
You are affected if you are using taoofagi easegen-admin versions prior to a fix being released. Check your version against the affected range: ≤8f87936ac774065b92fb20aab55b274a6ea76433.
Upgrade to the latest version when available. Until then, implement input validation, restrict file access, and consider using a WAF.
Yes, a public exploit is already available, indicating a high likelihood of active exploitation.
Refer to the taoofagi website and security advisories for updates on the vulnerability and available fixes. Monitor their release channels for announcements.