CVE-2026-9580
Improper Access Control in JeecgBoot
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jeecg | jeecgboot | to 3.9.1 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in JeecgBoot versions up to 3.9.1, specifically in the function LoginController.selectDepart located in the file /sys/selectDepart.
The issue is caused by improper access controls, which means that unauthorized users may be able to access or manipulate parts of the system they should not be able to.
The vulnerability can be exploited remotely, and the exploit has been publicly disclosed.
Upgrading to version 3.9.2 of JeecgBoot fixes this vulnerability.
How can this vulnerability impact me?
This vulnerability can allow unauthorized remote attackers to bypass access controls, potentially gaining access to restricted functions or data.
Such unauthorized access can lead to data exposure, manipulation, or other malicious activities within the affected system.
Because the exploit is publicly known, the risk of attack is increased if the system is not updated.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade JeecgBoot to version 3.9.2, as this version contains the fix for the improper access control issue in the LoginController.selectDepart function.