Ctrl + K
/ news / CVE
CVEPublished 2026-04-26Modified 2026-04-270 articles on news7 live referencesNVD data

CVE-2026-7045

Vulnerability data via NVD (ingested)

CVSS v3.1
6.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS percentile
Weaknesses (CWE)
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')CWE-707Improper Neutralization
Description

A vulnerability was determined in baomidou dynamic-datasource 2.5.0. Affected by this vulnerability is the function DsSpelExpressionProcessor#doDetermineDatasource of the file dynamic-datasource-spring/src/main/java/com/baomidou/dynamic/datasource/processor/DsSpelExpressionProcessor.java of the component StandardEvaluationContext/SpelExpressionParser. This manipulation causes injection. The attack may be initiated remotely. Patch name: 273fcedaee984c08197c0890f14190b86ab7e0b8. It is recommended to apply a patch to fix this issue.

Timeline
Published 2026-04-26
Modified 2026-04-27

External references

NVDMITREExploit-DBGitHub PoCSploitustrickest/cveVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2026-7045
Hosts Shodan has explicitly fingerprinted as vulnerable.
More intel sources (5)
Shodan report
vuln:CVE-2026-7045
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-7045
Censys host search filtered to this CVE id.
grep.app
CVE-2026-7045
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-7045
GitHub code search for direct mentions.
Google dork
"CVE-2026-7045" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (8)

CVE-2026-70458 repos
wesmar/kvcC++
KVC enables unsigned driver loading via DSE bypass (g_CiOptions patch, skci.dll hijack, SeCiCallbacks redirection) and PP/PPL manipulation for LSASS memory dumping on modern Window…
★ 259·updated 1w ago
keraattin/Red-Team-Roadmapunknown
★ 22·updated 3w ago
hiifong/starListPython
Export your star's repository list
★ 18·updated 6d ago
hugefiver/mystarsunknown
★ 15·updated 6d ago
eshukla15/Cybersecurity-Homelabunknown
★ 2·updated 1mo ago
cdburgess75/ShellKnightPowerShell
Enterprise-grade PowerShell tool for removing PUPs, browser hijackers, adware, and malware persistence.
★ 1·updated 1w ago
Krishcalin/Detection-Engineeringunknown
Security Operation Center (SOC) attack detection and response
★ 1·updated 2w ago
AqibTayyab/Security-Engineer-Roadmap-2026unknown
A structured 12-18 month roadmap from zero to job-ready Security Engineer — covering Offensive Security, Defensive Engineering, and Purple Teaming. Built on OWASP, MITRE ATT&CK, an…
★ 1·updated 1w ago
We haven't classified any articles referencing CVE-2026-7045 yet. The external references above still apply.