Home

Description

JimuReport through 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication: the handler is annotated @JimuNoLoginRequired, so JimuReportTokenInterceptor skips all authentication and authorization, and the export service streams the rendered report for any supplied report id without verifying the auto-export configuration flag. An unauthenticated remote attacker can enumerate Snowflake report identifiers and export the full contents of any report, including the data returned by the report configured SQL queries and any credentials embedded in its data sources.

PUBLISHED Reserved 2026-06-30 | Published 2026-06-30 | Updated 2026-07-14 | Assigner VulnCheck




HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

Missing Authentication for Critical Function

Product status

Default status
unaffected

Any version
affected

Credits

George Chen finder

References

github.com/jeecgboot/jimureport/issues/4694 (Researcher Disclosure) technical-description exploit

www.vulncheck.com/...-report-export-via-jmreport-auto-export third-party-advisory

cve.org (CVE-2026-58375)

nvd.nist.gov (CVE-2026-58375)

Download JSON