CVE-2026-3813

A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe. Affected by this vulnerability is the function Calculate of the file src/main/java/bp/wf/httphandler/WF_CCForm.java. Such manipulation leads to injection. The attack may be performed from remote. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.

CVSS v3 6.3 MEDIUM
CVSS v2.0 6.5 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://gitee.com/opencc/JFlow/	Product
https://gitee.com/opencc/JFlow/issues/IE8R2F	Exploit Vendor Advisory Issue Tracking
https://vuldb.com/?ctiid.349779	Permissions Required VDB Entry
https://vuldb.com/?id.349779	Third Party Advisory VDB Entry
https://vuldb.com/?submit.769112	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:opencc:jflow:-:*:*:*:*:*:*:*

History

10 Mar 2026, 19:56

Type	Values Removed	Values Added
References	~~() https://gitee.com/opencc/JFlow/ -~~	() https://gitee.com/opencc/JFlow/ - Product
References	~~() https://gitee.com/opencc/JFlow/issues/IE8R2F -~~	() https://gitee.com/opencc/JFlow/issues/IE8R2F - Exploit, Vendor Advisory, Issue Tracking
References	~~() https://vuldb.com/?ctiid.349779 -~~	() https://vuldb.com/?ctiid.349779 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.349779 -~~	() https://vuldb.com/?id.349779 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.769112 -~~	() https://vuldb.com/?submit.769112 - Third Party Advisory, VDB Entry
Summary		(es) Se identificó una vulnerabilidad en opencc JFlow hasta 5badc00db382d7cb82dad231e6a866b18e0addfe. Afectada por esta vulnerabilidad es la función Calculate del archivo src/main/java/bp/wf/httphandler/WF_CCForm.java. Dicha manipulación conduce a inyección. El ataque puede ser realizado desde remoto. El exploit está disponible públicamente y podría ser utilizado. Este producto utiliza un sistema de lanzamiento continuo para entrega continua, y como tal, la información de la versión para las versiones afectadas o actualizadas no se divulga. El proyecto fue informado del problema tempranamente a través de un informe de problema, pero aún no ha respondido.
First Time		Opencc Opencc jflow
CWE		CWE-77
CPE		cpe:2.3:a:opencc:jflow:-:::::::*

09 Mar 2026, 10:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-09 10:16

Updated : 2026-03-10 19:56

NVD link : CVE-2026-3813

Mitre link : CVE-2026-3813

CVE.ORG link : CVE-2026-3813

JSON object : View

Products Affected

opencc

jflow

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-707

Improper Neutralization

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

6.3 /10