CVE-2026-7292

MEDIUM 5.6

o2oa NodeAgent NodeAgent.java syncFile improper authorization

CVSS Score

5.6

EPSS Score

0.0%

EPSS Percentile

0th

A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The manipulation leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE	CWE-285 CWE-266
Vendor	n/a
Product	o2oa
Published	Apr 28, 2026

Stay Ahead of the Next One

Get instant alerts for n/a o2oa

Be the first to know when new medium vulnerabilities affecting n/a o2oa are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

n/a / o2oa

10.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/359952 vuldb.com: https://vuldb.com/vuln/359952/cti vuldb.com: https://vuldb.com/submit/803074 github.com: https://github.com/o2oa/o2oa/issues/194 github.com: https://github.com/o2oa/o2oa/

Credits

🔍 larlarua (VulDB User) VulDB CNA Team