CVE-2026-3813

A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe. Affected by this vulnerability is the function Calculate of the file src/main/java/bp/wf/httphandler/WF_CCForm.java. Such manipulation leads to injection. The attack may be performed from remote. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.

CVSS v3 6.3 MEDIUM
CVSS v2.0 6.5 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://gitee.com/opencc/JFlow/	Product
https://gitee.com/opencc/JFlow/issues/IE8R2F	Exploit Vendor Advisory Issue Tracking
https://vuldb.com/?ctiid.349779	Permissions Required VDB Entry
https://vuldb.com/?id.349779	Third Party Advisory VDB Entry
https://vuldb.com/?submit.769112	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:opencc:jflow:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-09 10:16

Updated : 2026-03-10 19:56

NVD link : CVE-2026-3813

Mitre link : CVE-2026-3813

CVE.ORG link : CVE-2026-3813

JSON object : View

Products Affected

opencc

jflow

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-707

Improper Neutralization

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2026-3813", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-09T10:16:03.110", "references": [{"url": "https://gitee.com/opencc/JFlow/", "tags": ["Product"], "source": "cna@vuldb.com"}, {"url": "https://gitee.com/opencc/JFlow/issues/IE8R2F", "tags": ["Exploit", "Vendor Advisory", "Issue Tracking"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.349779", "tags": ["Permissions Required", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.349779", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.769112", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-707"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe. Affected by this vulnerability is the function Calculate of the file src/main/java/bp/wf/httphandler/WF_CCForm.java. Such manipulation leads to injection. The attack may be performed from remote. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad en opencc JFlow hasta 5badc00db382d7cb82dad231e6a866b18e0addfe. Afectada por esta vulnerabilidad es la funci\u00f3n Calculate del archivo src/main/java/bp/wf/httphandler/WF_CCForm.java. Dicha manipulaci\u00f3n conduce a inyecci\u00f3n. El ataque puede ser realizado desde remoto. El exploit est\u00e1 disponible p\u00fablicamente y podr\u00eda ser utilizado. Este producto utiliza un sistema de lanzamiento continuo para entrega continua, y como tal, la informaci\u00f3n de la versi\u00f3n para las versiones afectadas o actualizadas no se divulga. El proyecto fue informado del problema tempranamente a trav\u00e9s de un informe de problema, pero a\u00fan no ha respondido."}], "lastModified": "2026-03-10T19:56:24.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opencc:jflow:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "644C3D65-4DAE-42FB-BD95-D7A69A9B2BF8"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}