High severity7.5NVD Advisory· Published Mar 20, 2025· Updated Jun 17, 2026
CVE-2024-12866
CVE-2024-12866
Description
A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability allows an attacker to read arbitrary files on the file system, which can lead to remote code execution by retrieving private SSH keys, reading private files, source code, and configuration files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: =v2.0.0
- Range: unspecified
Patches
Vulnerability mechanics
References
1- huntr.com/bounties/c23da7c7-a226-40a2-83db-6a8ab1b2ef64nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.