CVE-2026-7411: Path Traversal

Q: What is the severity of CVE-2026-7411?

CVE-2026-7411 is classified as a high severity vulnerability due to the potential for unauthenticated remote exploitation.

Q: How do I fix CVE-2026-7411?

To fix CVE-2026-7411, upgrade to Eclipse BaSyx Java Server SDK version 2.0.0-milestone-10 or later.

Q: What kind of attack can be performed using CVE-2026-7411?

CVE-2026-7411 allows attackers to perform a path traversal attack during file upload operations.

Q: Which versions of Eclipse BaSyx Java Server SDK are affected by CVE-2026-7411?

CVE-2026-7411 affects all versions of Eclipse BaSyx Java Server SDK prior to 2.0.0-milestone-10.

Q: Is authentication required to exploit CVE-2026-7411?

No, CVE-2026-7411 can be exploited by unauthenticated remote attackers.

Published May 5, 2026

Updated

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process. This can lead to Remote Code Execution (RCE) and complete system compromise.

Affected Software

1 affected component

Eclipse BaSyx Java Server SDK<2.0.0-milestone-10

Event History

May 5, 2026

CVE Published

via MITRE·02:07 PM

Data Sourced

via MITRE·02:07 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·04:16 PM

DescriptionSeverityWeakness

Sep 1, 58328

Event

via FIRST·05:10 AM

Frequently Asked Questions

What is the severity of CVE-2026-7411?

CVE-2026-7411 is classified as a high severity vulnerability due to the potential for unauthenticated remote exploitation.

How do I fix CVE-2026-7411?

To fix CVE-2026-7411, upgrade to Eclipse BaSyx Java Server SDK version 2.0.0-milestone-10 or later.

What kind of attack can be performed using CVE-2026-7411?

CVE-2026-7411 allows attackers to perform a path traversal attack during file upload operations.

Which versions of Eclipse BaSyx Java Server SDK are affected by CVE-2026-7411?

CVE-2026-7411 affects all versions of Eclipse BaSyx Java Server SDK prior to 2.0.0-milestone-10.

Is authentication required to exploit CVE-2026-7411?

No, CVE-2026-7411 can be exploited by unauthenticated remote attackers.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

CVE-2026-7411 - Path Traversal - SecAlerts