CVE-2026-7065: BidingCC BuildingAI SSRF Vulnerability Publicly Disclosed
The National Vulnerability Database has published details on CVE-2026-7065, a high-severity server-side request forgery (SSRF) vulnerability affecting BidingCC BuildingAI up to version 26.0.1. The flaw resides in the uploadRemoteFile function within the Remote Upload API component, specifically in the packages/core/src/modules/upload/services/file-storage.service.ts file.
Attackers can remotely manipulate the url argument to trigger SSRF, potentially forcing the server to make requests to internal or external resources. The exploit has been publicly disclosed, increasing the immediate risk. According to the National Vulnerability Database, BidingCC was informed via an issue report but has not yet responded, leaving users exposed.
This is a critical oversight. A public exploit combined with vendor silence means defenders are operating blind. SSRF can lead to data exposure, port scanning of internal networks, or even RCE in vulnerable internal services. The CVSS score of 7.3 (HIGH) reflects the network-based attack vector and low complexity, making it a prime target for opportunistic attackers.
What This Means For You
- If your organization uses BidingCC BuildingAI, immediately assess your version. If you are running version 26.0.1 or earlier, your systems are vulnerable to remote exploitation. Monitor network traffic for unusual outbound connections from your BuildingAI instances and prepare for a patch, as this vulnerability is publicly known and ripe for exploitation.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-7065: BidingCC BuildingAI Remote Upload SSRF Attempt
title: CVE-2026-7065: BidingCC BuildingAI Remote Upload SSRF Attempt
id: scw-2026-04-27-ai-1
status: experimental
level: high
description: |
Detects attempts to exploit CVE-2026-7065 by targeting the uploadRemoteFile function in BidingCC BuildingAI. The rule looks for POST requests to the vulnerable service endpoint containing a 'url=' parameter, indicative of an SSRF attempt to access internal or external resources.
author: SCW Feed Engine (AI-generated)
date: 2026-04-27
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-7065/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/packages/core/src/modules/upload/services/file-storage.service.ts'
cs-method:
- 'POST'
cs-uri-query|contains:
- 'url='
selection_indicators:
cs-uri-query|contains:
- 'http://'
- 'https://'
- 'file://'
condition: selection AND selection_indicators
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7065 | SSRF | BidingCC BuildingAI up to 26.0.1 |
| CVE-2026-7065 | SSRF | packages/core/src/modules/upload/services/file-storage.service.ts |
| CVE-2026-7065 | SSRF | function uploadRemoteFile |
| CVE-2026-7065 | SSRF | component Remote Upload API |
| CVE-2026-7065 | SSRF | manipulation of argument url |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 27, 2026 at 03:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
itSourceCode Courier Management System SQLi: CVE-2026-7076
CVE-2026-7076 — A vulnerability was determined in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /edit_branch.php. Executing a manipulation of...
itsourcecode Construction Management System SQLi (CVE-2026-7075)
CVE-2026-7075 — A vulnerability was found in itsourcecode Construction Management System 1.0. This issue affects some unknown processing of the file /locations.php. Performing a manipulation...
CVE-2026-7074: SQL Injection in Construction Management System 1.0
CVE-2026-7074 — A vulnerability has been found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file /execute1.php. Such manipulation of...