CVE-2026-9581

Source
https://cve.org/CVERecord?id=CVE-2026-9581
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-9581.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-9581
Published
2026-05-26T20:30:13.981Z
Modified
2026-07-15T01:49:05.042907658Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
JeecgBoot add access control
Details

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version 3.9.2 is sufficient to resolve this issue. Upgrading the affected component is recommended.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/9xxx/CVE-2026-9581.json",
    "cwe_ids": [
        "CWE-266",
        "CWE-284"
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/jeecgboot/jeecgboot

Affected ranges

Type
GIT
Repo
https://github.com/jeecgboot/jeecgboot
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "3.9.0"
        },
        {
            "last_affected": "3.9.0"
        },
        {
            "introduced": "3.9.1"
        },
        {
            "last_affected": "3.9.1"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}

Affected versions

3.*
3.9.0
3.9.1
v3.*
v3.9.0last
v3.9.1
v3.9.1last

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-9581.json"