CVE-2026-7290

Source
https://cve.org/CVERecord?id=CVE-2026-7290
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-7290.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-7290
Published
2026-04-28T16:30:14.767Z
Modified
2026-07-15T16:34:27.370533Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
JeecgBoot loadDict Endpoint SqlInjectionUtil.java SqlInjectionUtil sql injection
Details

A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java of the component loadDict Endpoint. This manipulation of the argument keyword causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Patch name: a9c8e8eb1185751c4c3c68d2a53f3dadee9edc6b. To fix this issue, it is recommended to deploy a patch.

Database specific
{
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-74",
        "CWE-89"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/7xxx/CVE-2026-7290.json"
}
References

Affected packages

Git / github.com/jeecgai/jeecgboot

Affected ranges

Type
GIT
Repo
https://github.com/jeecgai/jeecgboot
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "3.9.0"
        },
        {
            "last_affected": "3.9.0"
        },
        {
            "introduced": "3.9.1"
        },
        {
            "last_affected": "3.9.1"
        }
    ]
}

Affected versions

3.*
3.9.0
3.9.1
v3.*
v3.9.0last
v3.9.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-7290.json"
vanir_signatures
[
    {
        "id": "CVE-2026-7290-d412c026",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/jeecgai/jeecgboot/commit/a9c8e8eb1185751c4c3c68d2a53f3dadee9edc6b",
        "deprecated": false,
        "digest": {
            "function_hash": "77930596693703496521376099381573072509",
            "length": 1774.0
        },
        "target": {
            "function": "getFilterSql",
            "file": "jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysDictServiceImpl.java"
        }
    },
    {
        "id": "CVE-2026-7290-e40b3f7d",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/jeecgai/jeecgboot/commit/a9c8e8eb1185751c4c3c68d2a53f3dadee9edc6b",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "300431161844885419667574817492926102959",
                "72331545502090239822142547464255355331",
                "60872430430981169598151054971214295821",
                "15576054689313794171814587587907918151",
                "80509250880586165523010949899200749497",
                "329875683535137718611655465385187440336",
                "265074977420128431484297422255718154014",
                "37739581807770665415403559783552515694"
            ]
        },
        "target": {
            "file": "jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java"
        }
    },
    {
        "id": "CVE-2026-7290-f1e0ec55",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/jeecgai/jeecgboot/commit/a9c8e8eb1185751c4c3c68d2a53f3dadee9edc6b",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "115188993830028587648611015997706471364",
                "181994561756120921530307554772717533925",
                "310686899456402137596810104958592047278",
                "282050522616074719323923880613863493473",
                "161932402032403860300003092987560868117",
                "336604060357734275658347996631439990774"
            ]
        },
        "target": {
            "file": "jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysDictServiceImpl.java"
        }
    }
]
vanir_signatures_modified
"2026-07-15T16:34:27Z"