CVE-2026-5999

Source
https://cve.org/CVERecord?id=CVE-2026-5999
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5999.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-5999
Published
2026-04-10T01:45:14.036Z
Modified
2026-07-15T01:49:06.076455413Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
JeecgBoot SysAnnouncementController improper authorization
Details

A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnouncementController. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor confirmed the issue and will provide a fix in the upcoming release.

Database specific
{
    "cwe_ids": [
        "CWE-266",
        "CWE-285"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5999.json",
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/jeecgboot/jeecgboot

Affected ranges

Type
GIT
Repo
https://github.com/jeecgboot/jeecgboot
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "3.9.0"
        },
        {
            "last_affected": "3.9.0"
        },
        {
            "introduced": "3.9.1"
        },
        {
            "last_affected": "3.9.1"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

3.*
3.9.0
3.9.1
v3.*
v3.9.0last
v3.9.1
v3.9.1last

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5999.json"