CVE-2026-7412: SSRF

Q: What is the severity of CVE-2026-7412?

CVE-2026-7412 has been classified as a high severity vulnerability due to the potential for remote code execution.

Q: How do I fix CVE-2026-7412?

To fix CVE-2026-7412, upgrade your Eclipse BaSyx Java Server SDK to version 2.0.0-milestone-10 or later.

Q: What is affected by CVE-2026-7412?

CVE-2026-7412 affects all versions of Eclipse BaSyx Java Server SDK prior to 2.0.0-milestone-10.

Q: Can CVE-2026-7412 be exploited by unauthenticated users?

Yes, CVE-2026-7412 can be exploited by unauthenticated remote attackers.

Q: What kind of attacks can CVE-2026-7412 facilitate?

CVE-2026-7412 can be exploited to force the BaSyx server to execute blind HTTP POST requests.

Published May 5, 2026

Updated

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to arbitrary internal or external targets. This allows an attacker to bypass network segmentation and pivot into isolated internal IT/OT infrastructure or target Cloud Metadata services (IMDS).

Affected Software

1 affected component

Eclipse BaSyx Java Server SDK<2.0.0-milestone-10

Event History

May 5, 2026

CVE Published

via MITRE·02:15 PM

Data Sourced

via MITRE·02:15 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·04:16 PM

DescriptionSeverityWeakness

Oct 14, 58358

Event

via FIRST·02:26 AM

Frequently Asked Questions

What is the severity of CVE-2026-7412?

CVE-2026-7412 has been classified as a high severity vulnerability due to the potential for remote code execution.

How do I fix CVE-2026-7412?

To fix CVE-2026-7412, upgrade your Eclipse BaSyx Java Server SDK to version 2.0.0-milestone-10 or later.

What is affected by CVE-2026-7412?

CVE-2026-7412 affects all versions of Eclipse BaSyx Java Server SDK prior to 2.0.0-milestone-10.

Can CVE-2026-7412 be exploited by unauthenticated users?

Yes, CVE-2026-7412 can be exploited by unauthenticated remote attackers.

What kind of attacks can CVE-2026-7412 facilitate?

CVE-2026-7412 can be exploited to force the BaSyx server to execute blind HTTP POST requests.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.