{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30403", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-24T01:14:09.838Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-19T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-19T16:02:33.447Z"}, "descriptions": [{"lang": "en", "value": "There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/tianshiyeben/wgcloud/issues/97"}, {"url": "https://github.com/TTTlw1024/qwe/issues/2"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T01:12:06.627033Z", "id": "CVE-2026-30403", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T01:14:09.838Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30403", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T01:12:06.627033Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T01:12:29.111Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/tianshiyeben/wgcloud/issues/97"}, {"url": "https://github.com/TTTlw1024/qwe/issues/2"}], "descriptions": [{"lang": "en", "value": "There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-19T16:02:33.447Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30403", "state": "PUBLISHED", "dateUpdated": "2026-03-24T01:14:09.838Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-19T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server."}, {"lang": "es", "value": "Hay una vulnerabilidad de lectura arbitraria de archivos en la funci\u00f3n de prueba de conexi\u00f3n de la gesti\u00f3n de bases de datos de backend en wgcloud v3.6.3 y versiones anteriores, que puede ser utilizada para leer cualquier archivo en el servidor de la v\u00edctima."}], "id": "CVE-2026-30403", "lastModified": "2026-03-24T02:16:04.563", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-19T17:16:23.950", "references": [{"source": "cve@mitre.org", "url": "https://github.com/TTTlw1024/qwe/issues/2"}, {"source": "cve@mitre.org", "url": "https://github.com/tianshiyeben/wgcloud/issues/97"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.6.3]"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "wgcloud", "vendor": "tianshiyeben"}], "analysis": {"en": {"generated_at": "2026-03-24T03:49:53.218349+00:00", "value": {"mitigation_remediation": ["Upgrade wgcloud to a version newer than 3.6.3", "If an upgrade is not immediately possible, restrict network access to the backend management interface and disable the test connection feature if configurable", "Monitor access logs for attempts to use the test connection endpoint"], "summary": {"action": "Immediate Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Any installation of wgcloud version 3.6.3 or older that exposes the backend database management interface is affected. The issue resides in the test connection routine used for database connectivity checks.", "description_and_impact": "The vulnerability allows an attacker to read arbitrary files on the victim's server through the test connection function in the backend database management of wgcloud v3.6.3 and earlier. This flaw results in a direct compromise of confidentiality by exposing sensitive data and configuration files. It is a classic directory traversal and file read weakness identified as CWE-22.", "risk_and_exploitability": "The CVSS score of 7.5 indicates high severity, while the EPSS score of less than 1% suggests the likelihood of exploitation is currently low. The vulnerability is not listed in the CISA KEV catalog. Attackers likely need authenticated or privileged access to the backend service to trigger the file read, as the vector is not explicitly stated in the description."}}}}, "created": "2026-03-20T08:58:07.942785+00:00", "title": "Arbitrary File Read via Test Connection in wgcloud Backend Services", "updated": "2026-03-25T11:51:45.438042+00:00", "vendors": ["tianshiyeben", "tianshiyeben$PRODUCT$wgcloud"]}