CVE-2026-4285
Received Received - Intake
Path Traversal in taoofagi easegen-admin's recognizeMarkdown Function

Publication date: 2026-03-17

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. Impacted is the function recognizeMarkdown of the file yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yudao/module/digitalcourse/util/Pdf2MdUtil.java. Such manipulation of the argument fileUrl leads to path traversal. It is possible to launch the attack remotely. The exploit is publicly available and might be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-17
Last Modified
2026-04-29
Generated
2026-05-27
AI Q&A
2026-03-17
EPSS Evaluated
2026-05-25
NVD
CVE-2026-4285
EUVD
EUVD-2026-12527
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
taoofagi easegen-admin to 2.3.0 (inc)
taoofagi easegen-admin to 8f87936ac774065b92fb20aab55b274a6ea76433 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

[{'type': 'paragraph', 'content': "CVE-2026-4285 is a path traversal vulnerability in the taoofagi easegen-admin software, specifically in the recognizeMarkdown function of the Pdf2MdUtil.java file. The vulnerability occurs due to improper validation of the fileUrl parameter in the document parsing endpoint /admin-api/digitalcourse/courses/docparse. An attacker can manipulate this parameter using the file:// protocol to traverse the server's filesystem and read arbitrary files outside the intended directory."}, {'type': 'paragraph', 'content': 'This flaw allows unauthorized access to files on the server by exploiting the pathname input, classified under CWE-22. The attack can be launched remotely but requires authentication.'}] [1, 2]


How can this vulnerability impact me? :

This vulnerability impacts the confidentiality of the system by allowing attackers to read arbitrary files on the server. This unauthorized file access can lead to exposure of sensitive information stored on the server.

Since the exploit is publicly available and easy to execute, attackers with access can remotely exploit this flaw, potentially leading to data leaks or further attacks leveraging the exposed information.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring requests to the endpoint /admin-api/digitalcourse/courses/docparse, which accepts a user-controlled parameter named fileUrl.'}, {'type': 'paragraph', 'content': 'Detection involves looking for attempts to exploit path traversal by using the file:// protocol in the fileUrl parameter to access unauthorized files on the server.'}, {'type': 'paragraph', 'content': 'Network or system administrators can inspect web server logs or use intrusion detection systems to identify suspicious requests containing fileUrl parameters with file:// or directory traversal patterns (e.g., ../).'}, {'type': 'list_item', 'content': "Use grep or similar tools on web server logs to find suspicious requests: grep -i 'fileUrl=file://' access.log"}, {'type': 'list_item', 'content': "Use curl or similar tools to test the endpoint manually: curl -v 'http://<target>/admin-api/digitalcourse/courses/docparse?fileUrl=file:///etc/passwd'"}, {'type': 'list_item', 'content': 'Deploy web application firewall (WAF) rules to detect and block requests with suspicious fileUrl parameters.'}] [1, 2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the vulnerable endpoint /admin-api/digitalcourse/courses/docparse to trusted users only.

Since no official patches or countermeasures are available and the vendor has not responded, consider disabling or removing the affected component if possible.

Implement input validation and sanitization on the fileUrl parameter to prevent path traversal attacks.

Use network-level controls such as firewalls or WAFs to block malicious requests attempting to exploit this vulnerability.

Monitor logs for exploitation attempts and respond accordingly.

Consider replacing the affected component with a secure alternative.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart