Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Dromara RuoYi-Vue-Plus workflow module unauthorized access risk
CVE-2026-2819
Summary
An unauthorized access risk exists in the workflow module of Dromara RuoYi-Vue-Plus versions 5.5.3 and earlier. This means that an attacker could potentially access sensitive information or perform actions without permission. To protect your system, update to a fixed version of Dromara RuoYi-Vue-Plus as soon as possible.
Original title
A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Wor...
Original description
A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-862
Missing Authorization
CWE-863
Incorrect Authorization
Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026