CVE-2026-2819 | Dromara RuoYi-Vue-Plus up to 5.5.3 Workflow deleteByInstanceIds SaServletFilter authorization

A vulnerability identified as critical has been detected in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization.

This vulnerability is listed as CVE-2026-2819. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More