CVE-2026-7710: YunaiV yudao-cloud Improper Authentication Flaw
The National Vulnerability Database has detailed CVE-2026-7710, a high-severity improper authentication vulnerability in YunaiV yudao-cloud, affecting versions up to 3.8.0. The flaw resides in the doFilterInternal function of JwtAuthenticationTokenFilter.java within the Ruoyi-Vue-Pro component. Attackers can manipulate the mock-token argument, bypassing authentication mechanisms.
This vulnerability, rated with a CVSS score of 7.3 (HIGH), is remotely exploitable. A public exploit has been released, significantly increasing the immediate risk for affected systems. The National Vulnerability Database notes that the vendor, YunaiV, was contacted prior to disclosure but did not respond.
This is a critical blind spot for defenders. With a public exploit available, unpatched systems are exposed to immediate, untargeted attacks. Organizations running YunaiV yudao-cloud, especially those integrating with Ruoyi-Vue-Pro, need to prioritize this. Attackers will leverage this for initial access, moving quickly before patches can be deployed.
What This Means For You
- If your organization uses YunaiV yudao-cloud, particularly with the Ruoyi-Vue-Pro component, you need to immediately identify all instances running versions up to 3.8.0. Given the public exploit, assume compromise potential and audit access logs for any anomalous activity related to `mock-token` manipulation.
Related ATT&CK Techniques
🛡️ Detection Rules
2 rules · 6 SIEM formats2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-7710: YunaiV yudao-cloud Improper Authentication via Mock Token
title: CVE-2026-7710: YunaiV yudao-cloud Improper Authentication via Mock Token
id: scw-2026-05-04-ai-1
status: experimental
level: critical
description: |
Detects the specific exploitation attempt for CVE-2026-7710 by looking for the 'mock-token' parameter in the query string of a POST request. This vulnerability in YunaiV yudao-cloud allows for improper authentication when this parameter is manipulated.
author: SCW Feed Engine (AI-generated)
date: 2026-05-04
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-7710/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri-query|contains:
- 'mock-token'
cs-method|exact:
- 'POST'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7710 | Auth Bypass | YunaiV yudao-cloud up to 3.8.0 |
| CVE-2026-7710 | Auth Bypass | Component: Ruoyi-Vue-Pro |
| CVE-2026-7710 | Auth Bypass | File: JwtAuthenticationTokenFilter.java, Function: doFilterInternal |
| CVE-2026-7710 | Auth Bypass | Manipulation of argument: mock-token |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 04, 2026 at 03:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-7713 — Crocodilestick Calibre-Web-Automated Vulnerability
CVE-2026-7713 — A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of...
CVE-2026-7712 — MindsDB Insecure Deserialization
CVE-2026-7712 — A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation...
MindsDB Unrestricted File Upload (CVE-2026-7711) Poses Remote Threat
CVE-2026-7711 — A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py of the component Engine...