CVE-2026-3813
MEDIUMopencc JFlow - Injection in WF_CCForm Calculate Function
Title source: llmDescription
A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe. Affected by this vulnerability is the function Calculate of the file src/main/java/bp/wf/httphandler/WF_CCForm.java. Such manipulation leads to injection. The attack may be performed from remote. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.
References (5)
Core 5
Core References
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.769112
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.349779
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.349779
Issue Tracking exploit
issue-tracking
https://gitee.com/opencc/JFlow/issues/IE8R2F
Various Sources product
https://gitee.com/opencc/JFlow/
Scores
CVSS v3
6.3
EPSS
0.0036
EPSS Percentile
27.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-707
CWE-74
CWE-77
Status
published
Products (1)
opencc/jflow
Published
Mar 09, 2026
Tracked Since
Mar 09, 2026