CVE-2026-9580

Source
https://cve.org/CVERecord?id=CVE-2026-9580
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-9580.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-9580
Published
2026-05-26T20:15:14.623Z
Modified
2026-07-08T08:11:38.856083309Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
JeecgBoot selectDepart LoginController.selectDepart access control
Details

A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.9.2 is sufficient to fix this issue. It is suggested to upgrade the affected component.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/9xxx/CVE-2026-9580.json",
    "cwe_ids": [
        "CWE-266",
        "CWE-284"
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/jeecgboot/jeecgboot

Affected ranges

Type
GIT
Repo
https://github.com/jeecgboot/jeecgboot
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "3.9.0"
        },
        {
            "last_affected": "3.9.0"
        },
        {
            "introduced": "3.9.1"
        },
        {
            "last_affected": "3.9.1"
        }
    ]
}

Affected versions

3.*
3.9.0
3.9.1
v3.*
v3.9.0last
v3.9.1
v3.9.1last

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-9580.json"