Platform: java
Component: ruoyi-quartz-rce
Fixed in: 4.8.1, 4.8.2, 4.8.3
CVE-2026-4564 describes a code injection vulnerability discovered in RuoYi, a Java-based platform, affecting versions 4.8.0 through 4.8.2. This flaw allows attackers to potentially execute arbitrary code by manipulating the invokeTarget argument within the /monitor/job/ endpoint, handled by the Quartz Job Handler component. The vulnerability is remotely exploitable and a public proof-of-concept exists, highlighting the urgency of remediation.
The impact of CVE-2026-4564 is significant due to the potential for remote code execution. An attacker exploiting this vulnerability could gain complete control over the affected RuoYi instance, leading to data breaches, system compromise, and potential lateral movement within the network. The ability to manipulate the invokeTarget argument allows for arbitrary code to be injected and executed, bypassing normal security controls. This vulnerability shares similarities with other injection flaws where improper input validation allows attackers to execute commands on the server.
CVE-2026-4564 has been publicly disclosed, and a proof-of-concept exploit is available, indicating a higher probability of exploitation. The vulnerability was reported on 2026-03-22. The vendor was contacted but did not respond, which increases the risk as no official patch is available. The EPSS score is likely to be medium or high given the public disclosure and availability of an exploit.
Organizations deploying RuoYi versions 4.8.0 through 4.8.2 are at immediate risk. This includes those using RuoYi for internal applications, web portals, or any system handling sensitive data. Shared hosting environments utilizing RuoYi are particularly vulnerable due to the potential for cross-tenant exploitation.
• java / server:
  ps aux | grep QuartzJobHandler
• java / server:
  journalctl -u ruoyi -f | grep "invokeTarget"
• generic web:
  curl -I 'http://<target>/monitor/job/?invokeTarget=evil'   # Check for unusual responses
EPSS: 0.05% (16th percentile)
The primary mitigation for CVE-2026-4564 is to upgrade RuoYi to a patched version. Unfortunately, no specific fixed version is provided in the CVE data. Until a patch is available, consider implementing temporary workarounds such as restricting access to the /monitor/job/ endpoint to trusted users or networks. Web application firewalls (WAFs) can be configured to filter requests containing suspicious patterns in the invokeTarget parameter. Thoroughly review and validate all user inputs to prevent injection attacks. After upgrading, confirm the fix by attempting to access the /monitor/job/ endpoint with a crafted payload and verifying that the request is rejected.
Update RuoYi to a version later than 4.8.2. If an update is not possible, it is recommended to check and validate user input in the Quartz Job Handler component to prevent code injection.
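As an added, defender-side illustration (not code from the RuoYi project or from this advisory), the following Python script shows the two controls the mitigation text describes: an allowlist validator for invokeTarget values, of the kind a WAF rule or an input check in front of the scheduler would apply, and a log scan that flags /monitor/job/ requests whose parameter fails it. The bean.method(args) target shape, the ALLOWED_TARGETS set, the combined-format access log and the log lines themselves are assumptions and constructed samples, not values taken from the page.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic). The layout is assumed to be
# the common "combined" format: client - - [time] "METHOD path HTTP/1.1" status size
SAMPLE_LOG = """\
10.0.0.5 - - [22/Mar/2026:10:01:02 +0000] "POST /monitor/job/add?invokeTarget=ryTask.ryNoParams HTTP/1.1" 200 512
10.0.0.5 - - [22/Mar/2026:10:01:09 +0000] "POST /monitor/job/edit?invokeTarget=ryTask.ryParams(%27ry%27) HTTP/1.1" 200 512
10.0.0.9 - - [22/Mar/2026:10:02:41 +0000] "POST /monitor/job/add?invokeTarget=com.example.NotAllowed.run() HTTP/1.1" 200 512
10.0.0.9 - - [22/Mar/2026:10:02:50 +0000] "GET /monitor/job/list HTTP/1.1" 200 2048
10.0.0.7 - - [22/Mar/2026:10:03:11 +0000] "POST /monitor/job/add?invokeTarget=ryTask.ryNoParams%3Bsomething HTTP/1.1" 200 512
"""

# Hypothetical allowlist: the bean.method pairs an operator actually schedules.
# Anything not listed here is rejected, whatever its shape.
ALLOWED_TARGETS = {"ryTask.ryNoParams", "ryTask.ryParams", "ryTask.ryMultipleParams"}

# Assumed target shape: <beanName>.<method>, optionally followed by "(args)" where args
# may only contain word characters, quotes, digits, commas, dots, spaces and hyphens.
# Exactly two dotted segments are accepted, so fully qualified class names do not match.
TARGET_RE = re.compile(
    r"""^(?P<bean>[A-Za-z_]\w*)\.(?P<method>[A-Za-z_]\w*)(?:\((?P<args>[\w\s,.'"-]*)\))?$"""
)

LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)


def validate_invoke_target(value: str) -> tuple[bool, str]:
    """Return (ok, reason). Rejects anything outside the allowlisted bean.method shape,
    so the check can run before a value reaches the scheduler."""
    m = TARGET_RE.match(value)
    if not m:
        return False, "malformed target"
    name = f"{m['bean']}.{m['method']}"
    if name not in ALLOWED_TARGETS:
        return False, f"target {name} not in allowlist"
    return True, "ok"


def scan_log(text: str) -> list[dict]:
    """Flag /monitor/job/ requests whose invokeTarget fails validation.

    parse_qs percent-decodes each value exactly once, mirroring what the server sees;
    decoding a second time would let encoded payloads slip past the check."""
    findings = []
    for line in text.splitlines():
        lm = LOG_RE.match(line)
        if not lm:
            continue  # skip lines that are not in the assumed log format
        parts = urlsplit(lm["target"])
        if not parts.path.startswith("/monitor/job/"):
            continue
        for value in parse_qs(parts.query).get("invokeTarget", []):
            ok, reason = validate_invoke_target(value)
            if not ok:
                findings.append({
                    "client": lm["client"],
                    "time": lm["time"],
                    "invokeTarget": value,
                    "reason": reason,
                })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['client']} invokeTarget={f['invokeTarget']!r}: {f['reason']}")
```

Run against the constructed sample, the scan reports the two requests from 10.0.0.9 and 10.0.0.7 and passes the two well-formed, allowlisted targets; the same validate_invoke_target() logic can be ported to a WAF rule or to a server-side check on the parameter, with the allowlist populated from the jobs that are genuinely scheduled.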
CVE-2026-4564 is a code injection vulnerability affecting RuoYi versions 4.8.0–4.8.2. It allows attackers to execute arbitrary code by manipulating the invokeTarget argument in the /monitor/job/ endpoint.
You are affected if you are using RuoYi versions 4.8.0 through 4.8.2 and have not yet upgraded to a patched version. The vulnerability is remotely exploitable.
Upgrade RuoYi to a patched version. As no fixed version is provided, implement temporary workarounds like restricting access to the /monitor/job/ endpoint or using a WAF.
CVE-2026-4564 is publicly disclosed with a proof-of-concept available, suggesting a high probability of active exploitation.
As the vendor did not respond to the disclosure, an official advisory may not be available. Monitor RuoYi's official website and security mailing lists for updates.