Operation Delegation Vulnerability in Eclipse BaSyx Java Server SDK
CVE-2026-7412

8.6HIGH

Key Information:

Vendor: Eclipse Foundation
Status: Eclipse Basyx
Vendor: CVE Published:; 5 May 2026

🔔 Create Eclipse Foundation Vulnerability Alert

What is CVE-2026-7412?

In Eclipse BaSyx Java Server SDK versions before 2.0.0-milestone-10, a flaw in the Operation Delegation feature allows an unauthenticated attacker to manipulate the server into executing HTTP POST requests to arbitrary internal or external destinations. This vulnerability compromises network segmentation controls, enabling unauthorized access to isolated internal IT and operational technology infrastructure as well as potential exposure to sensitive Cloud Metadata services.

Affected Version(s)

Eclipse BaSyx 0 < 2.0.0-milestone-10

References

https://gitlab.eclipse.org/security/vulnerability-reports...

https://gitlab.eclipse.org/security/cve-assignment/-/issu...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 5, 2026
Vulnerability Reserved
Apr 29, 2026

Credit

Mohamed Lemine Ahmed Jidou (AegisSec)

CVE-2026-7412 Data

JSON