CVE-2026-7710
Deferred Deferred - Pending Action
Authentication Bypass in YunaiV yudao-cloud via JWT Manipulation

Publication date: 2026-05-04

Last updated on: 2026-05-04

Assigner: VulDB

Description
A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-04
Last Modified
2026-05-04
Generated
2026-06-16
AI Q&A
2026-05-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7710
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
yunai cloud to 3.8.0 (inc)
ruoyi vue_pro From 3.5.0 (inc) to 3.8.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7710 is a critical authentication bypass vulnerability found in Ruoyi-Vue-Pro versions 3.5.0 to 3.8.0. The flaw exists in the JwtAuthenticationTokenFilter.java file, specifically in the doFilterInternal method, which improperly handles a "mock-token" header.

Attackers can exploit this vulnerability by sending a specially crafted header containing a "user_" prefix followed by a user ID. This allows them to impersonate any user without proper authentication.

The vulnerable code extracts the user ID directly from the header and creates an authentication object without validating the environment or performing proper JWT token checks, leading to full system compromise.

Impact Analysis

Exploitation of this vulnerability enables attackers to gain unauthorized access to the system, impersonate any user, and escalate privileges to administrator-level permissions.

This can lead to complete data access and manipulation, including unauthorized retrieval of user data, modification of passwords, and full system takeover.

Detection Guidance

This vulnerability can be detected by monitoring network traffic for HTTP requests containing a specially crafted header named "mock-token" with a value starting with the prefix "user_" followed by a user ID. Such requests indicate attempts to exploit the authentication bypass.

To detect exploitation attempts, you can use network inspection tools or commands that filter HTTP headers for the "mock-token" header.

  • Using tcpdump to capture packets containing the mock-token header: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep -i 'mock-token'
  • Using grep on web server access logs to find requests with the mock-token header: grep -i 'mock-token' /var/log/nginx/access.log
  • Using a web application firewall (WAF) or intrusion detection system (IDS) to alert on HTTP headers containing "mock-token" with suspicious values.
Mitigation Strategies

Immediate mitigation steps include restricting or disabling the mock-token functionality in production environments to prevent unauthorized authentication bypass.

If possible, remove the mock-token handling code entirely from the JwtAuthenticationTokenFilter.java file or ensure it is only enabled in isolated, non-production environments.

Review and update configuration settings to enforce environment isolation and prevent exposure of this vulnerability.

Implement security scanning and code reviews to detect and prevent similar issues.

Monitor for exploitation attempts and apply patches or updates from the vendor once available.

Compliance Impact

This vulnerability allows attackers to bypass authentication and impersonate any user, leading to full system compromise including unauthorized access to user data, data manipulation, and privilege escalation.

Such unauthorized access and potential data breaches can result in non-compliance with data protection regulations like GDPR and HIPAA, which require strict controls over personal and sensitive data to prevent unauthorized access and ensure data integrity.

Therefore, exploitation of this vulnerability could lead to violations of these standards due to failure in protecting user data confidentiality, integrity, and access controls.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7710. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart