CVE-2026-38812
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk19th percentile — higher than 19% of all known CVEs
Summary
RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information.
Risk Assessment
An attacker with administrative privileges may gain access to sensitive database information, posing a serious security risk to the organization.
Recommendation
It is recommended to update to the latest version of RuoYi and implement additional security measures to restrict access to the /tool/gen/createTable endpoint.
Original NVD description (English source)
RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information.

