Description
There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server.
Published: 2026-03-19
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary File Read
Action: Patch ASAP
AI Analysis

Impact

The vulnerability resides in the test connection function of the backend database management in wgcloud, allowing an attacker to read any file on the victim’s server when using wgcloud version 3.6.3 or earlier. This can expose configuration files, credentials, and other sensitive data, enabling broader compromise or data exfiltration.

Affected Systems

The affected product is wgcloud developed by wgstart. Versions 3.6.3 and all earlier releases of wgcloud are impacted.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity potential impact. EPSS indicates that exploitation is unlikely (<1%), and the vulnerability is not listed in CISA’s KEV catalog. Based on the nature of the function, the attack vector is inferred to be remote via the web interface or API that exposes the test connection endpoint.

Generated by OpenCVE AI on April 2, 2026 at 13:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade wgcloud to version 3.6.4 or later (or apply the vendor’s patch for version 3.6.3 and earlier).
  • If an immediate upgrade is not possible, restrict network access to the wgcloud backend service to trusted IP addresses only.
  • Monitor system logs for repeated test connection requests and investigate any suspicious activity.

Generated by OpenCVE AI on April 2, 2026 at 13:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Arbitrary File Read via Test Connection in wgcloud Backend Services

Thu, 02 Apr 2026 12:30:00 +0000

Type Values Removed Values Added
First Time appeared Wgstart
Wgstart wgcloud
CPEs cpe:2.3:a:wgstart:wgcloud:*:*:*:*:*:*:*:*
Vendors & Products Wgstart
Wgstart wgcloud

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Title Arbitrary File Read via Test Connection in wgcloud Backend Services

Tue, 24 Mar 2026 02:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-22
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Tianshiyeben
Tianshiyeben wgcloud
Vendors & Products Tianshiyeben
Tianshiyeben wgcloud

Thu, 19 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
Description There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server.
References

Subscriptions

Tianshiyeben Wgcloud
Wgstart Wgcloud
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-24T01:14:09.838Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30403

cve-icon Vulnrichment

Updated: 2026-03-24T01:12:29.111Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-19T17:16:23.950

Modified: 2026-04-02T12:19:47.237

Link: CVE-2026-30403

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T20:23:24Z

Weaknesses