CVE-2026-5999

MEDIUM 6.3

JeecgBoot SysAnnouncementController improper authorization

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

13th

A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnouncementController. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor confirmed the issue and will provide a fix in the upcoming release.

CWE	CWE-285 CWE-266
Vendor	n/a
Product	jeecgboot
Published	Apr 10, 2026
Last Updated	Apr 10, 2026

Stay Ahead of the Next One

Get instant alerts for n/a jeecgboot

Be the first to know when new medium vulnerabilities affecting n/a jeecgboot are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

n/a / JeecgBoot

3.9.0 3.9.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/356553 vuldb.com: https://vuldb.com/vuln/356553/cti vuldb.com: https://vuldb.com/submit/793656 github.com: https://github.com/jeecgboot/JeecgBoot/issues/9508 github.com: https://github.com/jeecgboot/JeecgBoot/issues/9508#issuecomment-4199090102 github.com: https://github.com/jeecgboot/JeecgBoot/

Credits

🔍 XinX (VulDB User) VulDB CNA Team