Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-7290— JeecgBoot loadDict Endpoint SqlInjectionUtil.java SqlInjectionUtil sql injection

CVSS 6.3 · Medium EPSS 0.04% · P11
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-7290

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
JeecgBoot loadDict Endpoint SqlInjectionUtil.java SqlInjectionUtil sql injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java of the component loadDict Endpoint. This manipulation of the argument keyword causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Patch name: a9c8e8eb1185751c4c3c68d2a53f3dadee9edc6b. To fix this issue, it is recommended to deploy a patch.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
JeecgBoot 注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
JeecgBoot是中国国炬(Jeecg)公司的一个适用于企业 Web 应用程序的 Java 低代码平台。 JeecgBoot 3.9.1及之前版本存在注入漏洞,该漏洞源于组件loadDict Endpoint中文件jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java的函数SqlInjectionUtil的参数keyword操作导致SQL注入,可能允许远程攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-JeecgBoot 3.9.0 -

II. Public POCs for CVE-2026-7290

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-7290

登录查看更多情报信息。

Same Patch Batch · n/a · 2026-04-28 · 10 CVEs total

CVE-2026-72916.3 MEDIUMo2oa URL Fetching FileAction.java FileAction server-side request forgery
CVE-2026-72925.6 MEDIUMo2oa NodeAgent NodeAgent.java syncFile improper authorization
CVE-2025-608875.3 MEDIUMCista 代码问题漏洞
CVE-2025-67223Aranda Service Desk 安全漏洞
CVE-2026-38651Gravitl Netmaker 数据伪造问题漏洞
CVE-2026-38948FUEL CMS 跨站脚本漏洞
CVE-2025-60889StellarGroup HPX 安全漏洞
CVE-2026-38949HTMLy 安全漏洞
CVE-2026-37750School Management System 安全漏洞

IV. Related Vulnerabilities

Same product: JeecgBoot
Same vendor: n/a
Same weakness: CWE-89

V. Comments for CVE-2026-7290

No comments yet

Leave a comment