CVE Catalog

CVE-2026-38812

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

19th percentile — higher than 19% of all known CVEs

Summary

RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information.

Risk Assessment

An attacker with administrative privileges may gain access to sensitive database information, posing a serious security risk to the organization.

Recommendation

It is recommended to update to the latest version of RuoYi and implement additional security measures to restrict access to the /tool/gen/createTable endpoint.

Original NVD description (English source)

RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS