CVE-2026-30403

HIGH

wgcloud <=3.6.3 - Arbitrary File Read

Title source: llm

Description

There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server.

References (2)

Core 2

Core References

https://github.com/tianshiyeben/wgcloud/issues/97

https://github.com/TTTlw1024/qwe/issues/2

Scores

CVSS v3 7.5

EPSS 0.0037

EPSS Percentile 29.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

wgstart/wgcloud < 3.6.3

Published Mar 19, 2026

Tracked Since Mar 19, 2026