CVE-2026-3965

MEDIUM 6.3

whyour qinglong API express.ts protection mechanism

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

0th

A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.20.2 is able to address this issue. The identifier of the patch is 6bec52dca158481258315ba0fc2f11206df7b719. It is advisable to upgrade the affected component. The code maintainer was informed beforehand about the issues. He reacted very fast and highly professional.

CWE	CWE-693
Vendor	whyour
Product	qinglong
Published	Mar 11, 2026
Last Updated	Mar 12, 2026

Stay Ahead of the Next One

Get instant alerts for whyour qinglong

Be the first to know when new medium vulnerabilities affecting whyour qinglong are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

whyour / qinglong

2.20.0 2.20.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.350394 vuldb.com: https://vuldb.com/?ctiid.350394 vuldb.com: https://vuldb.com/?submit.768861 github.com: https://github.com/A7cc/cve/issues/6 github.com: https://github.com/whyour/qinglong/pull/2941 github.com: https://github.com/A7cc/cve/issues/6#issue-3999235307 github.com: https://github.com/whyour/qinglong/commit/6bec52dca158481258315ba0fc2f11206df7b719 github.com: https://github.com/whyour/qinglong/releases/tag/v2.20.2 github.com: https://github.com/whyour/qinglong/

Credits

🔍 a7cc (VulDB User)