Eclipse Foundation Eclipse Basyx vulnerabilities
2 known vulnerabilities affecting eclipse_foundation/eclipse_basyx.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2026-7411 | P2 | CRITICAL | CVSS 10.0 | CWE-22 | fixed in 2.0.0-milestone-10 | 2026-05-05
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an attacker can bypass intended storage boundaries and write a
Source: NVD
CVE-2026-7412 | P2 | HIGH | CVSS 8.6 | CWE-918 | fixed in 2.0.0-milestone-10 | 2026-05-05
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to arbitrary internal or external targets. This allows an attack
Source: NVD