CVE-2026-9374 | yangzongzhuan RuoYi-Vue up to 3.9.2 Common Upload Endpoint /common/upload FileUploadUtils.upload unrestricted upload

A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. It has been rated as critical. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload.

This vulnerability is reported as CVE-2026-9374. The attack is possible to be carried out remotely. No exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More