
Description

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Manipulation of this function leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version 3.9.2 is sufficient to resolve this issue, so upgrading the affected component is recommended.

PUBLISHED Reserved 2026-05-26 | Published 2026-05-26 | Updated 2026-05-28 | Assigner VulDB




MEDIUM: 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
MEDIUM: 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

Problem types

Improper Access Controls

Incorrect Privilege Assignment

Timeline

2026-05-26: Advisory disclosed
2026-05-26: VulDB entry created
2026-05-26: VulDB entry last update

Credits

AliceS614 (VulDB User) reporter

References


vuldb.com/vuln/365637 (VDB-365637 | JeecgBoot add access control) vdb-entry

vuldb.com/vuln/365637/cti (VDB-365637 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/submit/817918 (Submit #817918 | JeecgBoot 3.9.1 Improper Access Controls) third-party-advisory

github.com/jeecgboot/JeecgBoot/issues/9598 exploit issue-tracking


github.com/jeecgboot/JeecgBoot/releases/tag/v3.9.2 patch

github.com/jeecgboot/JeecgBoot/ product

cve.org (CVE-2026-9581)

nvd.nist.gov (CVE-2026-9581)
