Question 1

What is CVE-2026-38812 — CVE-2026-38812?

Accepted Answer

RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information.

Question 2

What is the authoritative source for CVE-2026-38812?

Accepted Answer

CVE-2026-38812 (CVE-2026-38812) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVSS	9.8 ()
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS	0.39% probability of exploitation · percentile 30.9% · 2026-06-19T12:03:05Z
Last modified	2026-06-16

CVE-2026-38812CVE-2026-38812

Description

Scoring