CVE-2026-3405

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-3405
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3405.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-3405
Published
2026-03-02T02:16:20.013Z
Modified
2026-04-10T05:42:59.480155Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability has been found in thinkgem JeeSite up to 5.15.1. The affected element is an unknown function of the component Connection Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Git / github.com/thinkgem/jeesite

Affected ranges

Type
GIT
Repo
https://github.com/thinkgem/jeesite
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7da56bb2423761e71bf19dfad4964c9b06791fd1
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.15.1"
        }
    ]
}

Affected versions

v5.*
v5.0.3
v5.0.4
v5.1.0
v5.12.0.vue
v5.12.1.vue
v5.13.0.vue
v5.13.1.vue
v5.14.0.vue
v5.14.1.vue
v5.15.0.vue
v5.15.1.vue
v5.2.0
v5.2.1
v5.2.2
v5.3.0
v5.3.1
v5.3.2
v5.4.0
v5.5.0
v5.5.1
v5.5.2
v5.6.0
v5.7.0
v5.7.1
v5.8.0
v5.8.1
v5.9.0
v5.9.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3405.json"