CVE-2026-10241— jeecgboot The server processes these URLs Cloud Instance Metadata Endpoint debug FileDownloadUtils.download2DiskFromNet server-side request forgery
Affected Version Matrix 3
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| jeecgboot | The server processes these URLs | 3.9.0 | affected |
3.9.1 | affected | ||
3.9.2 | unaffected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-10241
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
jeecgboot The server processes these URLs Cloud Instance Metadata Endpoint debug FileDownloadUtils.download2DiskFromNet server-side request forgery
Source: NVD (National Vulnerability Database)
Vulnerability Description
A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. Upgrading to version 3.9.2 mitigates this issue. It is suggested to upgrade the affected component.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
服务端请求伪造(SSRF)
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| jeecgboot | The server processes these URLs | 3.9.0 | cpe:2.3:a:jeecgboot:the_server_processes_these_urls:*:*:*:*:*:*:*:* |
II. Public POCs for CVE-2026-10241
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-10241
请登录查看更多情报信息。
Vendor Pages for CVE-2026-10241 (1)
Other References for CVE-2026-10241 (1)
IV. Related Vulnerabilities
Same vendor: jeecgboot
- CVE-2026-5848
jeecgboot JimuReport Data Source testConnection DriverManage - CVE-2025-12626
jeecgboot jeewx-boot WxActGoldeneggsPrizesController.java ge - CVE-2025-10771
jeecgboot JimuReport DB2 JDBC testConnection deserialization - CVE-2025-10770
jeecgboot JimuReport MySQL JDBC testConnection deserializati - CVE-2025-8963
jeecgboot JimuReport Data Large Screen Template testConnecti
Same weakness: CWE-918
- CVE-2026-49139
Nanobot < 0.2.1 SSRF via Microsoft Teams Channel serviceUrl - CVE-2026-10287
SourceCodester SEO Meta Tag Extractor index.php get_headers - CVE-2026-49138
Nanobot < 0.2.1 SSRF via web_fetch Tool Redirect Following - CVE-2026-10280
horizon921 mcpilot MCP API Call Endpoint route.ts server-sid - CVE-2026-10276
hekmon8 Jenkins-server-mcp get_build_status/get_build_log/tr
V. Comments for CVE-2026-10241
No comments yet