CVE-2026-2819: Dromara RuoYi-Vue-Plus Workflow deleteByInstanceIds SaServletFilter authorization

Q: What is the severity of CVE-2026-2819?

CVE-2026-2819 is considered a critical severity vulnerability due to unauthorized access risks in the Workflow Module.

Q: How do I fix CVE-2026-2819?

To fix CVE-2026-2819, update Dromara RuoYi-Vue-Plus to version 5.5.4 or later where the vulnerability is resolved.

Q: What specific functionality is affected by CVE-2026-2819?

CVE-2026-2819 affects the SaServletFilter function in the /workflow/instance/deleteByInstanceIds component of the Dromara RuoYi-Vue-Plus application.

Q: Who is affected by CVE-2026-2819?

CVE-2026-2819 affects all users running Dromara RuoYi-Vue-Plus version 5.5.3 or earlier.

Q: What types of attacks can be performed due to CVE-2026-2819?

Attackers can exploit CVE-2026-2819 to execute unauthorized actions within the Workflow Module.

Published Feb 20, 2026

Updated

A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

1 affected component

Dromara RuoYi-Vue-Plus<=5.5.3

Event History

Feb 20, 2026

CVE Published

via MITRE·01:32 AM

Data Sourced

via MITRE·01:32 AM

DescriptionSeverityWeakness

Data Sourced

via NVD·02:16 AM

DescriptionSeverityWeakness

Jan 23, 58126

Event

via FIRST·05:32 PM

Frequently Asked Questions

What is the severity of CVE-2026-2819?

CVE-2026-2819 is considered a critical severity vulnerability due to unauthorized access risks in the Workflow Module.

How do I fix CVE-2026-2819?

To fix CVE-2026-2819, update Dromara RuoYi-Vue-Plus to version 5.5.4 or later where the vulnerability is resolved.

What specific functionality is affected by CVE-2026-2819?

CVE-2026-2819 affects the SaServletFilter function in the /workflow/instance/deleteByInstanceIds component of the Dromara RuoYi-Vue-Plus application.

Who is affected by CVE-2026-2819?

CVE-2026-2819 affects all users running Dromara RuoYi-Vue-Plus version 5.5.3 or earlier.

What types of attacks can be performed due to CVE-2026-2819?

Attackers can exploit CVE-2026-2819 to execute unauthorized actions within the Workflow Module.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.