Vulnerabilities

Report: CVE-2026-7292 - o2oa NodeAgent NodeAgent.java syncFile improper authorization - Expert Insights

2026-04-28 0 views admin

CVE ID :CVE-2026-7292 Published : April 28, 2026, 7:37 p.m. | 1 hour, 2 minutes ago Description :A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The manipulation leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet. Severity: 6.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-7292

Severity

HIGH

Published

April 28, 2026

Affected Product: java

🏷️ Tags

reportnodeagentsyncfileimproperauthorizationexpertinsightspublishedcvecve-2026-7292

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: CVE-2026-7292 - o2oa NodeAgent NodeAgent.java syncFile improper authorization - Expert Insights

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: CVE-2026-42421 - OpenClaw < 2026.4.8 - WebSocket Session Persistence via Shared Gateway Token Rot

Report: CVE-2026-42420 - OpenClaw < 2026.4.8 - Improper Base64 Decoding Size Validation

Report: CVE-2026-41916 - OpenClaw < 2026.4.8 - Stale Authentication State via Config Reload

Report: CVE-2026-41915 - OpenClaw < 2026.4.8 - Git Environment Variable Injection via Unfiltered Exec Env

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting