Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
OpenCC JFlow Calculates Malicious Data from Remote Attackers
CVE-2026-3813
Summary
A security flaw in OpenCC JFlow allows attackers to inject malicious data into the system from a remote location. This means a website or user may be able to send bad data to the system and cause it to behave in an unintended way. If you use OpenCC JFlow, you should check with the project maintainers to see if a fix is available, and consider applying it to protect your system.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| opencc | jflow | All versions | – |
Original title
A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe. Affected by this vulnerability is the function Calculate of the file src/main/java/bp/wf/httphandler/W...
Original description
A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe. Affected by this vulnerability is the function Calculate of the file src/main/java/bp/wf/httphandler/WF_CCForm.java. Such manipulation leads to injection. The attack may be performed from remote. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-74
Injection
CWE-707
CWE-77
Command Injection
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026