CVE-2026-7291 | o2oa up to 10.0 URL Fetching FileAction.java FileAction fileUrl server-side request forgery (Issue 195)

A vulnerability labeled as critical has been found in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing a manipulation of the argument fileUrl can lead to server-side request forgery.

This vulnerability is registered as CVE-2026-7291. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More