A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. A fix is planned for the upcoming release.
{
"cna_assigner": "VulDB",
"cwe_ids": [
"CWE-918"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/10xxx/CVE-2026-10239.json"
}{
"extracted_events": [
{
"introduced": "3.9.0"
},
{
"last_affected": "3.9.0"
},
{
"introduced": "3.9.1"
},
{
"last_affected": "3.9.1"
},
{
"introduced": "3.9.2"
},
{
"last_affected": "3.9.2"
}
],
"source": "AFFECTED_FIELD"
}