A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. The impacted element is the function generateUploadPath of the file yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/service/file/FileServiceImpl.java of the component AppFileController File Upload Endpoint. Performing a manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The patch is named 4ae3f6b2c9883978837638c14e3d18419819eeb0. It is recommended to apply a patch to fix this issue. This product is published by multiple vendors.
Casky was already ahead
This CVE exploits attack patterns that Casky's 347matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2026-13528 is a path traversal vulnerability in the RuoYi-Vue-Pro application framework affecting the file upload endpoint (AppFileController). The vulnerability exists in the generateUploadPath function within FileServiceImpl.java, where insufficient input validation allows attackers to manipulate file paths and write files outside their intended directory. This impacts any organization using RuoYi-Vue-Pro up to version 2026.04-jdk8-SNAPSHOT. The vulnerability is particularly dangerous because file upload endpoints are common attack targets, and successful exploitation could lead to arbitrary file write capabilities, enabling remote code execution, configuration file manipulation, or lateral movement within the application environment.
Casky's 347 mapped security skills leverage Claude AI's extended reasoning to detect the attack patterns behind this vulnerability by analyzing techniques TA0001 (Initial Access) and TA0007 (Discovery). Practitioners using Casky would identify suspicious patterns such as: file upload requests containing path traversal sequences (../, ..\, encoded variants), abnormal upload paths pointing outside designated directories, and POST requests to the AppFileController with manipulated file path parameters. The platform would flag CWE-22 violations by detecting when user-supplied input flows directly into file system operations without proper sanitization. Security teams would see findings highlighting dangerous function calls in generateUploadPath that don't validate against directory escape attempts, helping them prioritize remediation and understand the precise code patterns that enable exploitation before attackers leverage the publicly disclosed exploit.
Composite risk scoring from EPSS, CISA KEV, Shodan, and GreyNoise — 21 security APIs correlated into a single Casky Risk Score. Coming in Casky Pro. Join early access →
These skills use Claude AI's reasoning model to surface findings in the same attack categories as CVE-2026-13528.
Casky has 347 skills that investigate the attack patterns behind CVE-2026-13528. Run one and get CVSS-scored findings in 3 minutes.
Run the skill that detects this →Access with Stolen Session Cookie
penetration testing · medium
Account Access Removal
cloud security · low
Account Manipulation
cloud security · low
Account Manipulation: Account Linking
cloud security · low
Account Manipulation: Change Account Details
cloud security · low
Account Manipulation: Change of Payment Details
phishing defense · medium
Account Takeover
red teaming · high
Account Takeover
red teaming · high
Account Takeover
phishing defense · medium
Account Takeover: Exposed Login Credential
phishing defense · medium
Account Takeover: Exposed Login Credential
red teaming · high
Account Takeover: Exposed Login Credential
threat hunting · low
analyzing-cloud-storage-access-patterns
cloud security · low
analyzing-ios-app-security-with-objection
mobile security · low
analyzing-malicious-url-with-urlscan
phishing defense · medium
analyzing-office365-audit-logs-for-compromise
cloud security · low
analyzing-persistence-mechanisms-in-linux
threat hunting · low
analyzing-powershell-empire-artifacts
threat hunting · low
auditing-aws-s3-bucket-permissions
cloud security · low
auditing-azure-active-directory-configuration
cloud security · low
auditing-cloud-with-cis-benchmarks
cloud security · low
auditing-gcp-iam-permissions
cloud security · low
auditing-terraform-infrastructure-for-security
cloud security · low
Browser Session Hijacking
cloud security · low
building-c2-infrastructure-with-sliver-framework
red teaming · high
building-c2-redirector-infrastructure
red teaming · high
building-cloud-siem-with-sentinel
cloud security · low
building-devsecops-pipeline-with-gitlab-ci
devsecops · low
building-patch-tuesday-response-process
vulnerability management · medium
building-red-team-c2-infrastructure-with-havoc
red teaming · high
building-threat-hunt-hypothesis-framework
threat hunting · low
building-vulnerability-aging-and-sla-tracking
vulnerability management · medium
building-vulnerability-dashboard-with-defectdojo
vulnerability management · medium
building-vulnerability-exception-tracking-system
vulnerability management · medium
bypassing-authentication-with-forced-browsing
web application security · medium
coercing-authentication-with-coercer-petitpotam
red teaming · high
conducting-api-security-testing
penetration testing · medium
conducting-cloud-penetration-testing
cloud security · low
conducting-domain-persistence-with-dcsync
red teaming · high
conducting-external-reconnaissance-with-osint
penetration testing · medium
conducting-full-scope-red-team-engagement
red teaming · high
conducting-internal-network-penetration-test
penetration testing · medium
conducting-internal-reconnaissance-with-bloodhound-ce
red teaming · high
conducting-mobile-app-penetration-test
penetration testing · medium
conducting-network-penetration-test
penetration testing · medium
conducting-pass-the-ticket-attack
red teaming · high
conducting-wireless-network-penetration-test
penetration testing · medium
Convert to Cryptocurrency
cloud security · low
Create Fake Materials: Fake Website
phishing defense · medium
Create Fake Materials: Fake Website
phishing defense · medium
Create Fake Materials: Fake Website
penetration testing · medium
Create Fake Materials: Fake Website
phishing defense · medium
Create Fake Materials: Fake Website
threat hunting · low
Create Fake Materials: Fake Website
phishing defense · medium
Delete Relevant Emails
phishing defense · medium
detecting-anomalies-in-industrial-control-systems
ot ics security · medium
detecting-api-enumeration-attacks
api security · medium
detecting-attacks-on-historian-servers
ot ics security · medium
detecting-attacks-on-scada-systems
ot ics security · medium
detecting-aws-guardduty-findings-automation
cloud security · low
detecting-aws-iam-privilege-escalation
cloud security · low
detecting-azure-lateral-movement
cloud security · low
detecting-azure-service-principal-abuse
cloud security · low
detecting-azure-storage-account-misconfigurations
cloud security · low
detecting-broken-object-property-level-authorization
api security · medium
detecting-cloud-threats-with-guardduty
cloud security · low
detecting-dcsync-attack-in-active-directory
threat hunting · low
detecting-dll-sideloading-attacks
threat hunting · low
detecting-dnp3-protocol-anomalies
ot ics security · medium
detecting-email-forwarding-rules-attack
threat hunting · low
detecting-golden-ticket-attacks-in-kerberos-logs
threat hunting · low
detecting-insider-threat-behaviors
threat hunting · low
detecting-kerberoasting-attacks
threat hunting · low
detecting-lateral-movement-with-splunk
threat hunting · low
detecting-malicious-scheduled-tasks-with-sysmon
threat hunting · low
detecting-mimikatz-execution-patterns
threat hunting · low
detecting-misconfigured-azure-storage
cloud security · low
detecting-modbus-command-injection-attacks
ot ics security · medium
detecting-modbus-protocol-anomalies
ot ics security · medium
detecting-ntlm-relay-with-event-correlation
threat hunting · low
detecting-pass-the-hash-attacks
threat hunting · low
detecting-privilege-escalation-attempts
threat hunting · low
detecting-process-hollowing-technique
threat hunting · low
detecting-s3-data-exfiltration-attempts
cloud security · low
detecting-serverless-function-injection
cloud security · low
detecting-service-account-abuse
threat hunting · low
detecting-shadow-api-endpoints
api security · medium
detecting-shadow-it-cloud-usage
cloud security · low
detecting-stuxnet-style-attacks
ot ics security · medium
detecting-suspicious-oauth-application-consent
cloud security · low
detecting-suspicious-powershell-execution
threat hunting · low
detecting-t1055-process-injection-with-sysmon
threat hunting · low
detecting-t1548-abuse-elevation-control-mechanism
threat hunting · low
detecting-wmi-persistence
threat hunting · low
Electronic Funds Transfer: Wire Transfer
phishing defense · medium
emulating-cloud-attacks-with-stratus-red-team
cloud security · low
enumerating-cloud-with-cloudfox
cloud security · low
executing-active-directory-attack-simulation
penetration testing · medium
executing-red-team-engagement-planning
red teaming · high
executing-red-team-exercise
penetration testing · medium
exploiting-active-directory-certificate-services-esc1
red teaming · high
exploiting-active-directory-with-bloodhound
red teaming · high
exploiting-adcs-with-certipy
red teaming · high
exploiting-api-injection-vulnerabilities
api security · medium
exploiting-aws-with-pacu
cloud security · low
exploiting-broken-function-level-authorization
api security · medium
exploiting-broken-link-hijacking
web application security · medium
exploiting-constrained-delegation-abuse
red teaming · high
exploiting-deeplink-vulnerabilities
mobile security · low
exploiting-excessive-data-exposure-in-api
api security · medium
exploiting-http-request-smuggling
web application security · medium
exploiting-idor-vulnerabilities
web application security · medium
exploiting-insecure-data-storage-in-mobile
mobile security · low
exploiting-insecure-deserialization
web application security · medium
exploiting-jwt-algorithm-confusion-attack
api security · medium
exploiting-kerberoasting-with-impacket
red teaming · high
exploiting-mass-assignment-in-rest-apis
web application security · medium
exploiting-ms17-010-eternalblue-vulnerability
red teaming · high
exploiting-nopac-cve-2021-42278-42287
red teaming · high
exploiting-nosql-injection-vulnerabilities
web application security · medium
exploiting-oauth-misconfiguration
web application security · medium
exploiting-prototype-pollution-in-javascript
web application security · medium
exploiting-race-condition-vulnerabilities
web application security · medium
exploiting-server-side-request-forgery
web application security · medium
exploiting-sql-injection-vulnerabilities
penetration testing · medium
exploiting-sql-injection-with-sqlmap
web application security · medium
exploiting-template-injection-vulnerabilities
web application security · medium
exploiting-type-juggling-vulnerabilities
web application security · medium
exploiting-vulnerabilities-with-metasploit-framework
vulnerability management · medium
exploiting-websocket-vulnerabilities
web application security · medium
exploiting-zerologon-vulnerability-cve-2020-1472
red teaming · high
fleet-hunting-with-velociraptor
threat hunting · low
hunting-evtx-with-chainsaw
threat hunting · low
hunting-for-anomalous-powershell-execution
threat hunting · low
hunting-for-beaconing-with-frequency-analysis
threat hunting · low
hunting-for-cobalt-strike-beacons
threat hunting · low
hunting-for-command-and-control-beaconing
threat hunting · low
hunting-for-data-exfiltration-indicators
threat hunting · low
hunting-for-data-staging-before-exfiltration
threat hunting · low
hunting-for-dcom-lateral-movement
threat hunting · low
hunting-for-dcsync-attacks
threat hunting · low
hunting-for-defense-evasion-via-timestomping
threat hunting · low
hunting-for-dns-based-persistence
threat hunting · low
hunting-for-dns-tunneling-with-zeek
threat hunting · low
hunting-for-domain-fronting-c2-traffic
threat hunting · low
hunting-for-lateral-movement-via-wmi
threat hunting · low
hunting-for-living-off-the-cloud-techniques
threat hunting · low
hunting-for-living-off-the-land-binaries
threat hunting · low
hunting-for-lolbins-execution-in-endpoint-logs
threat hunting · low
hunting-for-ntlm-relay-attacks
threat hunting · low
hunting-for-persistence-mechanisms-in-windows
threat hunting · low
hunting-for-persistence-via-wmi-subscriptions
threat hunting · low
hunting-for-process-injection-techniques
threat hunting · low
hunting-for-registry-persistence-mechanisms
threat hunting · low
hunting-for-registry-run-key-persistence
threat hunting · low
hunting-for-scheduled-task-persistence
threat hunting · low
hunting-for-shadow-copy-deletion
threat hunting · low
hunting-for-startup-folder-persistence
threat hunting · low
hunting-for-supply-chain-compromise
threat hunting · low
hunting-for-suspicious-scheduled-tasks
threat hunting · low
hunting-for-t1098-account-manipulation
threat hunting · low
hunting-for-unusual-network-connections
threat hunting · low
hunting-for-unusual-service-installations
threat hunting · low
hunting-for-webshell-activity
threat hunting · low
Impersonate Account Holder
phishing defense · medium
Impersonate Account Holder
phishing defense · medium
implementing-api-abuse-detection-with-rate-limiting
api security · medium
implementing-api-gateway-security-controls
api security · medium
implementing-api-key-security-controls
api security · medium
implementing-api-rate-limiting-and-throttling
api security · medium
implementing-api-schema-validation-security
api security · medium
implementing-api-security-posture-management
api security · medium
implementing-api-security-testing-with-42crunch
api security · medium
implementing-api-threat-protection-with-apigee
api security · medium
implementing-aqua-security-for-container-scanning
devsecops · low
implementing-attack-path-analysis-with-xm-cyber
vulnerability management · medium
implementing-aws-config-rules-for-compliance
cloud security · low
implementing-aws-macie-for-data-classification
cloud security · low
implementing-aws-nitro-enclave-security
cloud security · low
implementing-aws-security-hub
cloud security · low
implementing-aws-security-hub-compliance
cloud security · low
implementing-azure-defender-for-cloud
cloud security · low
implementing-cloud-dlp-for-data-protection
cloud security · low
implementing-cloud-security-posture-management
cloud security · low
implementing-cloud-trail-log-analysis
cloud security · low
implementing-cloud-vulnerability-posture-management
vulnerability management · medium
implementing-cloud-waf-rules
cloud security · low
implementing-cloud-workload-protection
cloud security · low
implementing-code-signing-for-artifacts
devsecops · low
implementing-conduit-security-for-ot-remote-access
ot ics security · medium
implementing-continuous-security-validation-with-bas
vulnerability management · medium
implementing-dmarc-dkim-spf-email-security
phishing defense · medium
implementing-dragos-platform-for-ot-monitoring
ot ics security · medium
implementing-email-sandboxing-with-proofpoint
phishing defense · medium
implementing-epss-score-for-vulnerability-prioritization
vulnerability management · medium
implementing-fuzz-testing-in-cicd-with-aflplusplus
devsecops · low
implementing-gcp-binary-authorization
cloud security · low
implementing-gcp-organization-policy-constraints
cloud security · low
implementing-gcp-vpc-firewall-rules
cloud security · low
implementing-github-advanced-security-for-code-scanning
devsecops · low
implementing-ics-firewall-with-tofino
ot ics security · medium
implementing-iec-62443-security-zones
ot ics security · medium
implementing-infrastructure-as-code-security-scanning
devsecops · low
implementing-mobile-application-management
mobile security · low
implementing-nerc-cip-compliance-controls
ot ics security · medium
implementing-network-segmentation-for-ot
ot ics security · medium
implementing-ot-incident-response-playbook
ot ics security · medium
implementing-ot-network-traffic-analysis-with-nozomi
ot ics security · medium
implementing-patch-management-for-ot-systems
ot ics security · medium
implementing-patch-management-workflow
vulnerability management · medium
implementing-policy-as-code-with-open-policy-agent
devsecops · low
implementing-purdue-model-network-segmentation
ot ics security · medium
implementing-rapid7-insightvm-for-scanning
vulnerability management · medium
implementing-secret-scanning-with-gitleaks
devsecops · low
implementing-secrets-management-with-vault
cloud security · low
implementing-secrets-scanning-in-ci-cd
devsecops · low
implementing-semgrep-for-custom-sast-rules
devsecops · low
implementing-vulnerability-management-with-greenbone
vulnerability management · medium
implementing-vulnerability-remediation-sla
vulnerability management · medium
implementing-vulnerability-sla-breach-alerting
vulnerability management · medium
implementing-web-application-logging-with-modsecurity
web application security · medium
implementing-zero-trust-in-cloud
cloud security · low
implementing-zero-trust-network-access
cloud security · low
integrating-dast-with-owasp-zap-in-pipeline
devsecops · low
integrating-sast-into-github-actions-pipeline
devsecops · low
intercepting-mobile-traffic-with-burpsuite
mobile security · low
mapping-attack-paths-with-bloodhound-ce
red teaming · high
moving-laterally-with-netexec
penetration testing · medium
operating-havoc-c2
red teaming · high
operating-sliver-c2
red teaming · high
performing-active-directory-bloodhound-analysis
red teaming · high
performing-active-directory-penetration-test
penetration testing · medium
performing-active-directory-vulnerability-assessment
vulnerability management · medium
performing-agentless-vulnerability-scanning
vulnerability management · medium
performing-android-app-static-analysis-with-mobsf
mobile security · low
performing-api-fuzzing-with-restler
api security · medium
performing-api-inventory-and-discovery
api security · medium
performing-api-rate-limiting-bypass
api security · medium
performing-api-security-testing-with-postman
api security · medium
performing-asset-criticality-scoring-for-vulns
vulnerability management · medium
performing-authenticated-scan-with-openvas
vulnerability management · medium
performing-authenticated-vulnerability-scan
vulnerability management · medium
performing-aws-account-enumeration-with-scout-suite
cloud security · low
performing-aws-privilege-escalation-assessment
cloud security · low
performing-blind-ssrf-exploitation
web application security · medium
performing-clickjacking-attack-test
web application security · medium
performing-cloud-asset-inventory-with-cartography
cloud security · low
performing-cloud-forensics-with-aws-cloudtrail
cloud security · low
performing-cloud-log-forensics-with-athena
cloud security · low
performing-cloud-native-forensics-with-falco
cloud security · low
performing-cloud-native-threat-hunting-with-aws-detective
cloud security · low
performing-cloud-penetration-testing-with-pacu
cloud security · low
performing-container-image-hardening
devsecops · low
performing-content-security-policy-bypass
web application security · medium
performing-csrf-attack-simulation
web application security · medium
performing-cve-prioritization-with-kev-catalog
vulnerability management · medium
performing-directory-traversal-testing
web application security · medium
performing-dmarc-policy-enforcement-rollout
phishing defense · medium
performing-dynamic-analysis-of-android-app
mobile security · low
performing-external-network-penetration-test
penetration testing · medium
performing-gcp-penetration-testing-with-gcpbucketbrute
cloud security · low
performing-gcp-security-assessment-with-forseti
cloud security · low
performing-graphql-depth-limit-attack
api security · medium
performing-graphql-introspection-attack
api security · medium
performing-graphql-security-assessment
web application security · medium
performing-http-parameter-pollution-attack
web application security · medium
performing-ics-asset-discovery-with-claroty
ot ics security · medium
performing-ios-app-security-assessment
mobile security · low
performing-iot-security-assessment
penetration testing · medium
performing-jwt-none-algorithm-attack
api security · medium
performing-kerberoasting-attack
red teaming · high
performing-lateral-movement-with-wmiexec
red teaming · high
performing-mobile-app-certificate-pinning-bypass
mobile security · low
performing-oil-gas-cybersecurity-assessment
ot ics security · medium
performing-open-source-intelligence-gathering
red teaming · high
performing-ot-network-security-assessment
ot ics security · medium
performing-ot-vulnerability-assessment-with-claroty
ot ics security · medium
performing-ot-vulnerability-scanning-safely
ot ics security · medium
performing-physical-intrusion-assessment
red teaming · high
performing-plc-firmware-security-analysis
ot ics security · medium
performing-power-grid-cybersecurity-assessment
ot ics security · medium
performing-privilege-escalation-assessment
penetration testing · medium
performing-privilege-escalation-on-linux
red teaming · high
performing-s7comm-protocol-security-analysis
ot ics security · medium
performing-sca-dependency-scanning-with-snyk
devsecops · low
performing-scada-hmi-security-assessment
ot ics security · medium
performing-second-order-sql-injection
web application security · medium
performing-security-headers-audit
web application security · medium
performing-serverless-function-security-review
cloud security · low
performing-soap-web-service-security-testing
api security · medium
performing-subdomain-enumeration-with-subfinder
web application security · medium
performing-thick-client-application-penetration-test
penetration testing · medium
performing-threat-hunting-with-yara-rules
threat hunting · low
performing-threat-modeling-with-owasp-threat-dragon
devsecops · low
performing-vulnerability-scanning-with-nessus
penetration testing · medium
performing-web-application-firewall-bypass
web application security · medium
performing-web-application-penetration-test
penetration testing · medium
performing-web-application-scanning-with-nikto
vulnerability management · medium
performing-web-application-vulnerability-triage
vulnerability management · medium
performing-web-cache-deception-attack
web application security · medium
performing-web-cache-poisoning-attack
web application security · medium
performing-wireless-network-penetration-test
penetration testing · medium
Phone Number Spoofing: Official Phone Number Spoofing
red teaming · high
prioritizing-vulnerabilities-with-cvss-scoring
vulnerability management · medium
relaying-ntlm-for-adcs-esc8
red teaming · high
remediating-s3-bucket-misconfiguration
cloud security · low
reverse-engineering-ios-app-with-frida
mobile security · low
scanning-containers-with-trivy-in-cicd
devsecops · low
scanning-iac-and-images-with-trivy
devsecops · low
scanning-infrastructure-with-nessus
vulnerability management · medium
securing-api-gateway-with-aws-waf
cloud security · low
securing-aws-lambda-execution-roles
cloud security · low
securing-azure-with-microsoft-defender
cloud security · low
securing-container-registry-images
cloud security · low
securing-github-actions-workflows
devsecops · low
securing-historian-server-in-ot-environment
ot ics security · medium
securing-kubernetes-on-cloud
cloud security · low
securing-remote-access-to-ot-environment
ot ics security · medium
securing-serverless-functions
cloud security · low
testing-android-intents-for-vulnerabilities
mobile security · low
testing-api-authentication-weaknesses
api security · medium
testing-api-for-broken-object-level-authorization
api security · medium
testing-api-for-mass-assignment-vulnerability
api security · medium
testing-api-security-with-owasp-top-10
web application security · medium
testing-cors-misconfiguration
web application security · medium
testing-for-broken-access-control
web application security · medium
testing-for-business-logic-vulnerabilities
web application security · medium
testing-for-email-header-injection
web application security · medium
testing-for-host-header-injection
web application security · medium
testing-for-json-web-token-vulnerabilities
web application security · medium
testing-for-open-redirect-vulnerabilities
web application security · medium
testing-for-sensitive-data-exposure
web application security · medium
testing-for-xml-injection-vulnerabilities
web application security · medium
testing-for-xss-vulnerabilities
penetration testing · medium
testing-for-xss-vulnerabilities-with-burpsuite
web application security · medium
testing-for-xxe-injection-vulnerabilities
web application security · medium
testing-jwt-token-security
web application security · medium
testing-mobile-api-authentication
mobile security · low
testing-oauth2-implementation-flaws
api security · medium
testing-websocket-api-security
api security · medium
Transfer of funds
threat hunting · low
triaging-vulnerabilities-with-ssvc-framework
vulnerability management · medium
Use Alternate Authentication Material: Application Access Token
cloud security · low
Use Alternate Authentication Material: Application Access Token
cloud security · low
© 2026 Casky.AI, Inc. · AI Security Investigation