CVE-2026-5848

Source
https://cve.org/CVERecord?id=CVE-2026-5848
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5848.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-5848
Published
2026-04-09T05:15:11.492Z
Modified
2026-07-15T01:49:03.242957200Z
Severity
  • 2.0 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
jeecgboot JimuReport Data Source testConnection DriverManager.getConnection code injection
Details

A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in code injection. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor confirmed the issue and will provide a fix in the upcoming release.

Database specific
{
    "cwe_ids": [
        "CWE-74",
        "CWE-94"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5848.json",
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/jeecgboot/jimureport

Affected ranges

Type
GIT
Repo
https://github.com/jeecgboot/jimureport
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "2.0"
        },
        {
            "last_affected": "2.0"
        },
        {
            "introduced": "2.1"
        },
        {
            "last_affected": "2.1"
        },
        {
            "introduced": "2.2"
        },
        {
            "last_affected": "2.2"
        },
        {
            "introduced": "2.3.0"
        },
        {
            "last_affected": "2.3.0"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

2.*
2.0
2.2
2.3.0
v2.*
v2.0.0
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.5
v2.2.0
v2.3.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5848.json"