CVE-2026-3813CRITICAL 9.8EPSS p27.8%

CVE-2026-3813CVE-2026-3813

Description

A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe. Affected by this vulnerability is the function Calculate of the file src/main/java/bp/wf/httphandler/WF_CCForm.java. Such manipulation leads to injection. The attack may be performed from remote. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.36% probability of exploitation · percentile 27.8% · 2026-06-19T12:03:05Z
Published2026-03-09
Last modified2026-04-29

Underlying weaknesses· 3

CWE-74CWE-707CWE-77

References

  1. https://gitee.com/opencc/JFlow/
  2. https://gitee.com/opencc/JFlow/issues/IE8R2F
  3. https://vuldb.com/?ctiid.349779
  4. https://vuldb.com/?id.349779
  5. https://vuldb.com/?submit.769112

3

TypeTargetConfidenceTier
WeaknessImproper Neutralizationcwe-7070%live
WeaknessImproper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')cwe-740%live
WeaknessImproper Neutralization of Special Elements used in a Command ('Command Injection')cwe-770%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-10202
CVE
CVE-2026-10193
CVE
CVE-2026-10203
CVE
CVE-2025-54466
CVE
CVE-2026-10204
CVE
CVE-2026-39440
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.