CVE-2026-9604
Improper Access Control in JeecgBoot AiragModelController
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jeecgboot | jeecgboot | to 3.9.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability allows remote attackers to bypass access controls, potentially granting unauthorized access to data or functionality within the affected component. This could lead to exposure of sensitive information or unauthorized actions within the system.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade JeecgBoot to version 3.9.2, as this version resolves the issue.
Since the vulnerability involves improper access controls in the AiragModelController component, upgrading the affected component is essential to prevent remote exploitation.
Can you explain this vulnerability to me?
This vulnerability exists in JeecgBoot up to version 3.9.1, specifically in the AiragModelController component. It involves improper access controls due to manipulation of the argument list/queryById. This flaw allows an attacker to remotely exploit the system by bypassing intended access restrictions.
The issue can be resolved by upgrading JeecgBoot to version 3.9.2 or later.