CVE-2026-9581
Improper Access Control in JeecgBoot
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jeecg | jeecgboot | to 3.9.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can allow unauthorized remote attackers to bypass access controls, potentially leading to unauthorized access or actions within the affected system. This can compromise the confidentiality, integrity, and availability of the system or its data.
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step to mitigate this vulnerability is to upgrade JeecgBoot to version 3.9.2.
Upgrading the affected component is sufficient to resolve the issue caused by improper access controls in the /sys/comment/add function.
Can you explain this vulnerability to me?
This vulnerability exists in JeecgBoot versions up to 3.9.1 and involves an unknown function in the file /sys/comment/add. It leads to improper access controls, meaning that unauthorized users might gain access or perform actions they should not be allowed to. The attack can be executed remotely, and an exploit is publicly available.
Upgrading to version 3.9.2 of JeecgBoot resolves this issue.