CVE-2026-7602

Source
https://cve.org/CVERecord?id=CVE-2026-7602
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-7602.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-7602
Published
2026-05-02T03:15:12.820Z
Modified
2026-07-15T01:49:05.008433374Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
JeecgBoot FillRuleUtil edit improper authorization
Details

A vulnerability was found in JeecgBoot up to 3.9.1. Affected by this vulnerability is an unknown functionality of the file /sys/fillRule/edit of the component FillRuleUtil Component. The manipulation of the argument ruleClass results in improper authorization. The attack may be performed from remote. The exploit has been made public and could be used. You should upgrade the affected component. The vendor confirmed the issue and will provide a fix in the upcoming release.

Database specific
{
    "cwe_ids": [
        "CWE-266",
        "CWE-285"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/7xxx/CVE-2026-7602.json",
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/jeecgboot/jeecgboot

Affected ranges

Type
GIT
Repo
https://github.com/jeecgboot/jeecgboot
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "3.9.0"
        },
        {
            "last_affected": "3.9.0"
        },
        {
            "introduced": "3.9.1"
        },
        {
            "last_affected": "3.9.1"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

3.*
3.9.0
3.9.1
v3.*
v3.9.0last
v3.9.1
v3.9.1last

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-7602.json"