Ghostwire

CVE-2026-7291: A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of...

MEDIUM CVSS 6.3 Exploit Available 1 PoC

Published: April 28, 2026 | Last Modified: April 28, 2026

Description

A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.
1 proof-of-concept exploit available on GitHub. Public exploit code lowers the barrier for both researchers and attackers.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Proof-of-Concept Exploits (1)

o2oa/o2oa

CVE-2026-7291: A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of...

Description

Ghostwire Analysis — What This Means Practically

Proof-of-Concept Exploits (1)

Security Coverage (1 articles)

References