36 matches found
Path Traversal
org.eclipse.basyx:basyx.sdk is vulnerable to Path Traversal. The vulnerability is due to inadequate path normalization of the fileName parameter in the Submodel HTTP API, which allows an attacker to write arbitrary files to the host filesystem and potentially execute malicious code...
CVE-2026-7411
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...
CVE-2026-7412
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...
Exploit for CVE-2026-7411
CVE-2026-7411 Overview In certain versions of the Eclipse...
Linux Distros Unpatched Vulnerability : CVE-2026-7412
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated...
Linux Distros Unpatched Vulnerability : CVE-2026-7411
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote...
com.festo.aas:p4m-helpers (>=1.0.0 <=1.0.4), de.dfki.cos.basys.aas.registry:aas-registry-compatibility (=0.4.2) +12 more potentially affected by CVE-2026-7411 via org.eclipse.basyx:basyx.sdk (>=1.0.1 <=1.5.1)
org.eclipse.basyx:basyx.sdk MAVEN version =1.0.1, =1.0.0, =0.4.2, =0.5.0, =0.5.0, =0.5.0, =1.0.1, =1.0.1, =1.0.1, =1.0.3, =1.5.1 Source cves: CVE-2026-7411 Source advisory: OSV:GHSA-8GPM-H2MH-36QC...
Eclipse BaSyx Java Server SDK vulnerable to Server-Side Request Forgery
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...
Eclipse BaSyx Java Server SDK vulnerable to Path Traversal
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...
EUVD-2026-27386
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...
com.festo.aas:p4m-helpers (>=1.0.0 <=1.0.4), de.dfki.cos.basys.aas.registry:aas-registry-compatibility (=0.4.2) +12 more potentially affected by CVE-2026-7412 via org.eclipse.basyx:basyx.sdk (>=1.0.1 <=1.5.1)
org.eclipse.basyx:basyx.sdk MAVEN version =1.0.1, =1.0.0, =0.4.2, =0.5.0, =0.5.0, =0.5.0, =1.0.1, =1.0.1, =1.0.1, =1.0.3, =1.5.1 Source cves: CVE-2026-7412 Source advisory: OSV:GHSA-GX3V-WXFJ-8H24...
GHSA-GX3V-WXFJ-8H24 Eclipse BaSyx Java Server SDK vulnerable to Server-Side Request Forgery
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...
GHSA-8GPM-H2MH-36QC Eclipse BaSyx Java Server SDK vulnerable to Path Traversal
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...
org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-inmemory (=2.0.0-milestone-01), org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-mongodb (=2.0.0-milestone-01) +7 more potentially affected by CVE-2026-7411 via org.eclipse.digitaltwin.basyx:basyx.submodelservice-core (=2.0.0-milestone-01)
org.eclipse.digitaltwin.basyx:basyx.submodelservice-core MAVEN version =2.0.0-milestone-01 is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.digitaltwin.basyx:basyx.submodelservice-core and may be impacted: -...
org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-inmemory (=2.0.0-milestone-01), org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-mongodb (=2.0.0-milestone-01) +8 more potentially affected by CVE-2026-7411 via org.eclipse.digitaltwin.basyx:basyx.http (=2.0.0-milestone-01)
org.eclipse.digitaltwin.basyx:basyx.http MAVEN version =2.0.0-milestone-01 is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.digitaltwin.basyx:basyx.http and may be impacted: -...
org.eclipse.digitaltwin.basyx:basyx.submodelrepository.component (=2.0.0-milestone-01) potentially affected by CVE-2026-7411 via org.eclipse.digitaltwin.basyx:basyx.submodelrepository-http (=2.0.0-milestone-01)
org.eclipse.digitaltwin.basyx:basyx.submodelrepository-http MAVEN version =2.0.0-milestone-01 is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.digitaltwin.basyx:basyx.submodelrepository-http and may be impacted: -...
org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-inmemory (=2.0.0-milestone-01), org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-mongodb (=2.0.0-milestone-01) +3 more potentially affected by CVE-2026-7411 via org.eclipse.digitaltwin.basyx:basyx.submodelrepository-core (=2.0.0-milestone-01)
org.eclipse.digitaltwin.basyx:basyx.submodelrepository-core MAVEN version =2.0.0-milestone-01 is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.digitaltwin.basyx:basyx.submodelrepository-core and may be impacted: -...
org.eclipse.digitaltwin.basyx:basyx.submodelservice.component (=2.0.0-milestone-01) potentially affected by CVE-2026-7411 via org.eclipse.digitaltwin.basyx:basyx.submodelservice-http (=2.0.0-milestone-01)
org.eclipse.digitaltwin.basyx:basyx.submodelservice-http MAVEN version =2.0.0-milestone-01 is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.digitaltwin.basyx:basyx.submodelservice-http and may be impacted: -...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Operation Delegation feature. An attacker can cause the server to send unauthorized HTTP POST requests to arbitrary internal or external destinations by supplying a crafted destination URI,...
CVE-2026-7411
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...