Browse all 26 CVE security advisories affecting Dromara. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Dromara is an open-source ecosystem primarily focused on providing rapid development frameworks and enterprise-level solutions for Java-based applications. Its core offerings include modular platforms designed to streamline backend development, often serving as the foundation for various commercial and internal enterprise systems. Security audits have identified twenty-six Common Vulnerabilities and Exposures (CVEs) associated with components within this ecosystem. Historically, these vulnerabilities predominantly manifest as Remote Code Execution (RCE) flaws, often stemming from insecure deserialization or improper input validation in underlying libraries. Additionally, instances of Cross-Site Scripting (XSS) and privilege escalation vulnerabilities have been documented, typically arising from misconfigured access controls or outdated dependencies. While no single catastrophic incident has defined the project’s public history, the accumulation of CVEs highlights the necessity for rigorous dependency management and regular patching. Developers utilizing Dromara-based architectures must prioritize updating framework versions to mitigate these known risks and ensure system integrity.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-7699 | Dromara MaxKey StrUtils.java StrUtils.checkSqlInjection sql injection — MaxKeyCWE-89 | 6.3 | Medium | 2026-05-03 |
| CVE-2025-6517 | Dromara MaxKey Meta URL SAML20DetailsController.java add server-side request forgery — MaxKeyCWE-918 | 6.3 | Medium | 2025-06-23 |
This page lists every published CVE security advisory associated with Dromara. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.