CVE-2026-30402
Published: 19 March 2026
Description
An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the test connection function
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates CWE-94 code injection in the test connection function by enforcing input validation mechanisms to reject malicious inputs.
Prevents unauthenticated remote attackers from accessing the vulnerable test connection function by limiting permitted actions without identification or authentication.
Addresses the specific flaw in wgcloud by identifying, reporting, and remediating the vulnerability through timely patching.
Security SummaryAI
CVE-2026-30402 is a critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting wgcloud versions 2.3.7 and prior. The issue, classified under CWE-94 (code injection), enables a remote attacker to execute arbitrary code through the test connection function.
Any unauthenticated remote attacker can exploit this vulnerability over the network with low attack complexity and no user interaction required. Successful exploitation allows the attacker to achieve high-impact effects on confidentiality, integrity, and availability, including full arbitrary code execution on the targeted system.
Mitigation details and further information are available in the referenced GitHub issues: https://github.com/TTTlw1024/qwe/issues/1 and https://github.com/tianshiyeben/wgcloud/issues/96. The vulnerability was published on 2026-03-19T15:16:26.190.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE-2026-30402 is an unauthenticated remote code execution vulnerability in a network-accessible application (wgcloud), directly enabling exploitation of public-facing applications for initial access.