JeecgBoot — Vulnerabilities & Security Advisories 45

All 45 CVE vulnerabilities found in JeecgBoot, with AI-generated Chinese analysis, references, and POCs.

This page aggregates security vulnerability data for the JeecgBoot enterprise application development platform. It collects information regarding software flaws, configuration errors, and potential exploitation vectors associated with this specific Java-based low-code framework. The content spans from the product's initial release through recent updates, capturing the historical timeline of disclosed issues. Here, users can discover detailed insights into how vendors publish advisories, understand the broader context of specific weakness classes, and look up the complete vulnerability history of the product. This resource is designed to assist developers, security analysts, and IT administrators in assessing risk exposure and prioritizing remediation efforts. By consolidating disparate sources of vulnerability intelligence, the page provides a centralized view of the security posture of JeecgBoot. Readers can examine reported issues to identify patterns in defect types, such as injection flaws or authentication bypasses, and compare them against industry standards. The aggregation serves as a reference for auditing compliance and ensuring that the development lifecycle incorporates necessary security controls. It does not provide immediate fixes or patches but rather offers the contextual data required for informed decision-making. Maintaining an awareness of these historical vulnerabilities helps organizations mitigate long-term technical debt and improves overall software resilience. This summary supports proactive security management by highlighting past weaknesses that may still impact current deployments if not properly addressed.

Vendor: n/a

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-11502 | JeecgBoot Third-Party Login ThirdLoginController.java HttpServletResponse.sendRedirect redirect CWE-601 | 3.1 | Low | 2026-06-08 |
| CVE-2026-11464 | JeecgBoot User List Endpoint SysUserController.java queryPageList information disclosure CWE-200 | 3.1 | Low | 2026-06-07 |
| CVE-2026-10240 | JeecgBoot test server-side request forgery CWE-918 | 6.3 | Medium | 2026-06-01 |
| CVE-2026-10239 | JeecgBoot edit WordUtil.addImage server-side request forgery CWE-918 | 6.3 | Medium | 2026-06-01 |
| CVE-2026-9604 | JeecgBoot AiragModelController access control CWE-284 | 4.3 | Medium | 2026-05-26 |
| CVE-2026-9581 | JeecgBoot add access control CWE-284 | 6.3 | Medium | 2026-05-26 |
| CVE-2026-9580 | JeecgBoot selectDepart LoginController.selectDepart access control CWE-284 | 7.3 | High | 2026-05-26 |
| CVE-2026-9579 | JeecgBoot SysUser userEdit user.getUsername access control CWE-284 | 6.3 | Medium | 2026-05-26 |
| CVE-2026-9373 | JeecgBoot OpenAPI Endpoint call improper authentication CWE-287 | 3.7 | Low | 2026-05-24 |
| CVE-2026-8196 | JeecgBoot mLogin Endpoint LoginController.java authorization CWE-639 | 3.7 | Low | 2026-05-09 |
| CVE-2026-8195 | JeecgBoot SVG File CommonController.java cross site scripting CWE-79 | 4.3 | Medium | 2026-05-09 |
| CVE-2026-8114 | JeecgBoot JSON Object loadTreeData sql injection CWE-89 | 6.3 | Medium | 2026-05-07 |
| CVE-2026-7605 | JeecgBoot uploadImgByHttpEndpoint CommonController.java HttpFileToMultipartFileUtil.downloadImageData server-side request forgery CWE-918 | 6.3 | Medium | 2026-05-02 |
| CVE-2026-7604 | JeecgBoot OpenApi Service OpenApiController.java OpenApiController.call server-side request forgery CWE-918 | 6.3 | Medium | 2026-05-02 |
| CVE-2026-7603 | JeecgBoot LoadFile Endpoint FileDownloadUtils.jav checkPathTraversalBatch server-side request forgery CWE-918 | 6.3 | Medium | 2026-05-02 |
| CVE-2026-7602 | JeecgBoot FillRuleUtil edit improper authorization CWE-285 | 6.3 | Medium | 2026-05-02 |
| CVE-2026-7290 | JeecgBoot loadDict Endpoint SqlInjectionUtil.java SqlInjectionUtil sql injection CWE-89 | 6.3 | Medium | 2026-04-28 |
| CVE-2026-5999 | JeecgBoot SysAnnouncementController improper authorization CWE-285 | 6.3 | Medium | 2026-04-10 |
| CVE-2026-5616 | JeecgBoot AI Chat JeecgBizToolsProvider.java missing authentication CWE-306 | 7.3 | High | 2026-04-06 |
| CVE-2026-3672 | JeecgBoot getDictItems isExistSqlInjectKeyword sql injection CWE-89 | 6.3 | Medium | 2026-03-07 |
| CVE-2026-2945 | JeecgBoot uploadImgByHttp server-side request forgery CWE-918 | 6.3 | Medium | 2026-02-22 |
| CVE-2026-2822 | JeecgBoot Backend airag_app,1,create_by sql injection CWE-89 | 6.3 | Medium | 2026-02-20 |
| CVE-2026-2555 | JeecgBoot Retrieval-Augmented Generation AiragKnowledgeController.java importDocumentFromZip deserialization CWE-502 | 5.0 | Medium | 2026-02-16 |
| CVE-2026-2111 | JeecgBoot Retrieval-Augmented Generation edit path traversal CWE-22 | 4.3 | Medium | 2026-02-07 |
| CVE-2026-1746 | JeecgBoot Online Report API loadDictItemByKeyword sql injection CWE-89 | 6.3 | Medium | 2026-02-02 |
| CVE-2025-15126 | JeecgBoot getPositionUserList improper authorization CWE-285 | 3.1 | Low | 2025-12-28 |
| CVE-2025-15125 | JeecgBoot queryDepartPermission improper authorization CWE-285 | 3.1 | Low | 2025-12-28 |
| CVE-2025-15124 | JeecgBoot list getParameterMap improper authorization CWE-285 | 3.1 | Low | 2025-12-28 |
| CVE-2025-15123 | JeecgBoot datarule improper authorization CWE-285 | 3.1 | Low | 2025-12-28 |
| CVE-2025-15122 | JeecgBoot datarule loadDatarule improper authorization CWE-285 | 3.1 | Low | 2025-12-28 |

All 45 known CVE vulnerabilities affecting JeecgBoot with full Chinese analysis, references, and POCs where available.