ГлавнаяУязвимости → CVE-2026-36418
9.1критическая

CVE-2026-36418

Описание

JimuReport versions 2.3.4 and below are vulnerable to remote code execution due to improper handling of Aviator expressions. The /jmreport/executeSelectApi endpoint passes user-supplied input directly to the Aviator expression engine without adequate validation allowing attackers to execute arbitrary code.

CVSS
Балл9.1 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Источники
https://github.com/Catherines77/code-au/blob/main/jimureport/aviator.mdhttps://github.com/Catherines77/code-au/blob/main/jimureport/aviator.md