A vulnerability, which was classified as critical , has been found in flipped-aurora gin-vue-admin 2.9.1 . This vulnerability affects unknown code of the file /autoCode/addFunc . The manipulation of the argument identifier-related leads to os command injection. This vulnerability is referenced as CVE-2026-48787 . Remote exploitation of the attack is possible. No exploit is available. Applying a patch is the recommended action to fix this issue.