CVE-2026-6125— Dromara warm-flow Workflow Definition save-json SpelHelper.parseExpression code injection

Dromara warm-flow Workflow Definition save-json SpelHelper.parseExpression code injection

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

对生成代码的控制不恰当(代码注入)

Warm-Flow 代码注入漏洞

Warm-Flow是Dromara开源的一个工作流引擎。 Warm-Flow 1.8.4及之前版本存在代码注入漏洞，该漏洞源于Workflow Definition Handler组件中文件/warm-flow/save-json的SpelHelper.parseExpression函数对参数listenerPath/skipCondition/permissionFlag处理不当，可能导致代码注入。

N/A

N/A