Unrated severityNVD Advisory· Published May 24, 2026

yangzongzhuan RuoYi-Vue Common Upload Endpoint upload FileUploadUtils.upload unrestricted upload

CVE-2026-9374

Description

A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

Yangzongzhuan/Ruoyillm-fuzzy
Range: <=3.9.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

vuldb.com/submit/813252mitrethird-party-advisory
vuldb.com/vuln/365338mitrevdb-entrytechnical-description
vuldb.com/vuln/365338/ctimitresignaturepermissions-required

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000